Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung (https://www.trojaner-board.de/155364-schrift-erscheint-gruen-doppelt-unterstrichen-computer-sehr-langsam-viel-werbung.html)

Machiavelli 18.06.2014 22:15
Ich warte auf Schritt 4.

Br.Pirminius 18.06.2014 22:19
Den habe ich gemacht, aber was weiter? Sie hatten mir dazu keine weiteren Anweisungen gegeben.

Machiavelli 18.06.2014 22:21
Poste bitte die Logs davon.

Br.Pirminius 18.06.2014 22:25
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by Br. Pirminius Seber at 2014-06-18 21:54:47 Run:1
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [iLivid] => C:\Users\Br. Pirminius Seber\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-09] (Bandoo Media Inc.)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {6990a982-fa63-11e1-9c64-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {7788dee7-f745-11e1-9ecd-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {7788def6-f745-11e1-9ecd-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {7788df31-f745-11e1-9ecd-b888e31620a2} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {c40c67f7-12a4-11e2-9840-74e543436fc5} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: {d6e0105c-6e9f-11e2-8ff2-b888e31620a2} - F:\autorun.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
ProxyServer: http=:;https=:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WebSearches
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = WebSearches
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = WebSearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396034803&from=tugs&uid=TOSHIBAXMK5075GSX_52BJCFG5TXX52BJCFG5T&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe WebSearches
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120902183624.dll No File
BHO-x32: Caramava - {1e50bbda-c15a-47d5-9853-d829ff890664} - C:\Program Files (x86)\Caramava\Caramavabho.dll No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120902183624.dll No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 15 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 15 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
FF DefaultSearchEngine: webssearches
R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist) [File not signed]
S2 Update Caramava; "C:\Program Files (x86)\Caramava\updateCaramava.exe" [X]
S2 Util Caramava; "C:\Program Files (x86)\Caramava\bin\utilCaramava.exe" [X]
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib)
2014-06-18 15:26 - 2014-03-28 21:26 - 00000334 _____ () C:\Windows\Tasks\SaveSense.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00002576 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00001896 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00001892 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00001792 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00001786 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00001720 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job
2014-06-18 14:49 - 2014-03-28 20:14 - 00001716 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job
2014-06-18 14:49 - 2014-03-28 20:13 - 00003468 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job
2014-06-18 14:49 - 2014-03-28 20:13 - 00003466 _____ () C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job
2014-06-18 14:49 - 2014-03-28 20:13 - 00002578 _____ () C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job
2014-06-18 13:45 - 2013-10-30 19:29 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Local\iLivid
2014-06-18 13:42 - 2014-03-28 21:29 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Local\Tuguu_SL
2014-06-18 13:42 - 2014-03-28 21:28 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Roaming\SupTab
2014-06-18 13:42 - 2014-03-28 21:27 - 00000000 ____D () C:\Program Files\suprasavings
2014-06-18 12:59 - 2014-06-17 20:44 - 00000000 ____D () C:\Program Files (x86)\ConstaSurf
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\25829-656347-openoffice.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\BackupSetup.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\cabex.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Caramava_bs.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\instloffer.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80u.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80u.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcm80.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcp80.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcr80.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\OSU.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\PCSpeedMaximizer.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Quarantine.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Somoto_23_03_2014(delay).exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\speedupmypc.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpOrder.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\stubhelper.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\unelevate.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstaller.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\VersionUpdater.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgZip.dll
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\ytai_ytareg_setup.exe
Task: {02723420-C324-4033-9D54-D1C58B5C2B9C} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {2E72B586-D272-4CF0-81BA-04BEF39AFCC9} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
Task: {3CF585E3-A203-43CB-BBF1-C608B9FF06B5} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-2.exe <==== ATTENTION
Task: {40ABC68F-87ED-4C69-A56E-4E4D95F35835} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: {7216ABB7-626D-42B9-A692-CAEFFCB1CCFA} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-3.exe <==== ATTENTION
Task: {7BD09033-2839-46D8-8D10-5BA7EE0958DF} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-2.exe <==== ATTENTION
Task: {89AE3122-54EC-4511-9EDF-EE89B28AD869} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-4.exe <==== ATTENTION
Task: {8D04FCCB-254B-4A93-BA8B-EF46881055C6} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1 => C:\Program Files (x86)\Sense\Sense-codedownloader.exe <==== ATTENTION
Task: {94CD2741-56EF-4B90-A3AD-04F59638ABBF} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-5.exe <==== ATTENTION
Task: {B2FF1A69-6E16-4126-AC47-61057E9D47E3} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-4.exe <==== ATTENTION
Task: {B8B9E4A1-5F54-4687-8149-92E7BA6FB3DD} - System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3 => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-3.exe <==== ATTENTION
Task: {BBBB4417-70D0-46D0-83D2-28D2D628C9DE} - System32\Tasks\SaveSense => C:\Users\BRD788~1.PIR\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CC767EAC-B4BE-4F97-9067-BDDC780B074B} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {FFFBD286-540E-4859-830C-C5FFE98DDE93} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job => C:\Program Files (x86)\Sense\Sense-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job => C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\BRD788~1.PIR\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
cmd: netsh winsock reset

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3090635963-4145032168-3900013317-1001'=> Key not found.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6990a982-fa63-11e1-9c64-b888e31620a2}' => Key deleted successfully.
'HKCR\CLSID\{6990a982-fa63-11e1-9c64-b888e31620a2}'=> Key not found.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7788dee7-f745-11e1-9ecd-b888e31620a2}' => Key deleted successfully.
'HKCR\CLSID\{7788dee7-f745-11e1-9ecd-b888e31620a2}'=> Key not found.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7788def6-f745-11e1-9ecd-b888e31620a2}' => Key deleted successfully.
'HKCR\CLSID\{7788def6-f745-11e1-9ecd-b888e31620a2}'=> Key not found.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7788df31-f745-11e1-9ecd-b888e31620a2}' => Key deleted successfully.
'HKCR\CLSID\{7788df31-f745-11e1-9ecd-b888e31620a2}'=> Key not found.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c40c67f7-12a4-11e2-9840-74e543436fc5}' => Key deleted successfully.
'HKCR\CLSID\{c40c67f7-12a4-11e2-9840-74e543436fc5}'=> Key not found.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6e0105c-6e9f-11e2-8ff2-b888e31620a2}' => Key deleted successfully.
'HKCR\CLSID\{d6e0105c-6e9f-11e2-8ff2-b888e31620a2}'=> Key not found.
"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully.
"C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value Data removed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.
'HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e50bbda-c15a-47d5-9853-d829ff890664}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{1e50bbda-c15a-47d5-9853-d829ff890664}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
SecureAssist => Service stopped successfully.
SecureAssist => Service deleted successfully.
Update Caramava => Service deleted successfully.
Util Caramava => Service deleted successfully.
wStLibG64 => Service stopped successfully.
wStLibG64 => Service deleted successfully.
C:\Windows\Tasks\SaveSense.job => Moved successfully.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job => Moved successfully.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job => Moved successfully.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job => Moved successfully.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job => Moved successfully.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job => Moved successfully.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job => Moved successfully.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job => Moved successfully.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job => Moved successfully.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job => Moved successfully.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job => Moved successfully.
"C:\Users\Br. Pirminius Seber\AppData\Local\iLivid" => File/Directory not found.
C:\Users\Br. Pirminius Seber\AppData\Local\Tuguu_SL => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Roaming\SupTab => Moved successfully.
C:\Program Files\suprasavings => Moved successfully.
C:\Program Files (x86)\ConstaSurf => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\25829-656347-openoffice.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Caramava_bs.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\FixMyRegistry.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\instloffer.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfc80u.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\mfcm80u.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcm80.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcp80.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\msvcr80.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\OSU.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\PCSpeedMaximizer.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Somoto_23_03_2014(delay).exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpeedUpMyComputer.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\speedupmypc.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\unelevate.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstaller.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\VersionUpdater.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgDriverInstallX.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WTGXMLUtil.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\WtgZip.dll => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\ytai_ytareg_setup.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02723420-C324-4033-9D54-D1C58B5C2B9C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02723420-C324-4033-9D54-D1C58B5C2B9C}' => Key deleted successfully.
C:\Windows\System32\Tasks\ShopperPro => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E72B586-D272-4CF0-81BA-04BEF39AFCC9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E72B586-D272-4CF0-81BA-04BEF39AFCC9}' => Key deleted successfully.
C:\Windows\System32\Tasks\SPDriver => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CF585E3-A203-43CB-BBF1-C608B9FF06B5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CF585E3-A203-43CB-BBF1-C608B9FF06B5}' => Key deleted successfully.
C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40ABC68F-87ED-4C69-A56E-4E4D95F35835}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40ABC68F-87ED-4C69-A56E-4E4D95F35835}' => Key deleted successfully.
C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7216ABB7-626D-42B9-A692-CAEFFCB1CCFA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7216ABB7-626D-42B9-A692-CAEFFCB1CCFA}' => Key deleted successfully.
C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BD09033-2839-46D8-8D10-5BA7EE0958DF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BD09033-2839-46D8-8D10-5BA7EE0958DF}' => Key deleted successfully.
C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89AE3122-54EC-4511-9EDF-EE89B28AD869}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89AE3122-54EC-4511-9EDF-EE89B28AD869}' => Key deleted successfully.
C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D04FCCB-254B-4A93-BA8B-EF46881055C6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D04FCCB-254B-4A93-BA8B-EF46881055C6}' => Key deleted successfully.
C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94CD2741-56EF-4B90-A3AD-04F59638ABBF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94CD2741-56EF-4B90-A3AD-04F59638ABBF}' => Key deleted successfully.
C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-5' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2FF1A69-6E16-4126-AC47-61057E9D47E3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FF1A69-6E16-4126-AC47-61057E9D47E3}' => Key deleted successfully.
C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8B9E4A1-5F54-4687-8149-92E7BA6FB3DD}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8B9E4A1-5F54-4687-8149-92E7BA6FB3DD}' => Key deleted successfully.
C:\Windows\System32\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7c82d588-f306-4366-8f8b-71f85e442eb4-3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBBB4417-70D0-46D0-83D2-28D2D628C9DE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBB4417-70D0-46D0-83D2-28D2D628C9DE}' => Key deleted successfully.
C:\Windows\System32\Tasks\SaveSense => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC767EAC-B4BE-4F97-9067-BDDC780B074B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC767EAC-B4BE-4F97-9067-BDDC780B074B}' => Key deleted successfully.
C:\Windows\System32\Tasks\ShopperProJSUpd => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFFBD286-540E-4859-830C-C5FFE98DDE93}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFFBD286-540E-4859-830C-C5FFE98DDE93}' => Key deleted successfully.
C:\Windows\System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10496340-28c0-47c5-8c23-0aac03e48614-5' => Key deleted successfully.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-1.job not found.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-2.job not found.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job not found.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job not found.
C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-5.job not found.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-1.job not found.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-2.job not found.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job not found.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job not found.
C:\Windows\Tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job not found.
C:\Windows\Tasks\SaveSense.job not found.
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully.

========= netsh winsock reset =========

Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107

Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= End of CMD: =========


==== End of Fixlog ====

Machiavelli 19.06.2014 08:26
Ne, ich brauche ja die FRST.txt und die Addition.txt

Br.Pirminius 22.06.2014 22:39
Es tut mir leid, ich weiß es nicht, das ist das einzige, was ich kriege.

Machiavelli 23.06.2014 06:01
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Poste die Logs in die nächste Antwort.

Br.Pirminius 23.06.2014 13:46
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Br. Pirminius Seber (administrator) on BRUDERPIRMINIUS on 23-06-2014 14:42:56
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-07-27] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-16] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-05-09] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [Facebook Update] => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-28] (Facebook Inc.)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\toolbar@gmx.net.xpi [2013-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (avast! Online Security) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18]
CHR Extension: (RealPlayer Downloader) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-18]
CHR Extension: (Google Wallet) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-16] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-09] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-16] ()
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 21:35 - 2014-06-18 21:44 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion
2014-06-18 15:29 - 2014-06-18 21:35 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe
2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt
2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 15:09 - 2014-06-18 15:10 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe
2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt
2014-06-18 14:08 - 2014-06-18 14:25 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 14:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 14:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 14:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-18 13:52 - 2014-06-18 14:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList
2014-06-18 12:55 - 2014-06-18 13:00 - 00000000 ____D () C:\AdwCleaner
2014-06-17 22:21 - 2014-06-18 15:34 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt
2014-06-17 22:20 - 2014-06-18 15:34 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt
2014-06-17 22:19 - 2014-06-23 14:43 - 00000000 ____D () C:\FRST
2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt
2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-12 16:46 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:46 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 16:46 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:46 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 16:46 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 16:46 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 16:46 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:46 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 16:46 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 16:46 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 16:46 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 16:46 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 16:46 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 16:46 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 16:46 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:46 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:46 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 16:46 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 16:46 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 16:46 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:46 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 16:46 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:46 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 16:46 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 16:46 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 16:46 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 16:46 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 16:46 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 16:46 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 16:46 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:46 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 16:46 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 16:46 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 16:46 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:46 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 16:46 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 16:46 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 16:46 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 16:46 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 16:46 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 16:46 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:46 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 16:46 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 16:46 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 16:46 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:46 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 16:46 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:46 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 16:46 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 16:46 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 16:46 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 16:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 16:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 16:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 16:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 16:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 16:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 16:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 16:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:44 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 16:44 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-06-23 14:43 - 2014-06-17 22:19 - 00000000 ____D () C:\FRST
2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 14:39 - 2012-06-19 11:12 - 01557655 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 14:38 - 2011-07-27 10:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 14:35 - 2013-02-25 21:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-23 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 14:35 - 2009-07-14 06:51 - 00084037 _____ () C:\Windows\setupact.log
2014-06-23 02:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-23 02:15 - 2012-09-02 15:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 02:14 - 2011-07-27 10:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 02:01 - 2012-12-20 14:01 - 00000284 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-06-23 01:37 - 2012-09-04 16:02 - 00049435 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Gliederliste.odt
2014-06-23 01:27 - 2012-09-28 13:22 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job
2014-06-22 23:31 - 2012-09-02 12:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Roaming\TOSHIBA Online Product Information
2014-06-22 23:25 - 2012-10-07 00:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-22 23:24 - 2012-09-02 14:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 21:44 - 2014-06-18 21:35 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion
2014-06-18 21:35 - 2014-06-18 15:29 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe
2014-06-18 20:52 - 2010-11-21 05:47 - 00231336 _____ () C:\Windows\PFRO.log
2014-06-18 15:34 - 2014-06-17 22:21 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt
2014-06-18 15:34 - 2014-06-17 22:20 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt
2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt
2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 15:10 - 2014-06-18 15:09 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe
2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt
2014-06-18 15:01 - 2014-03-29 03:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 14:49 - 2012-12-27 13:09 - 00003382 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:49 - 2012-12-27 13:09 - 00003276 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:48 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew
2014-06-18 14:25 - 2014-06-18 14:08 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 14:18 - 2014-05-19 16:21 - 00003404 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:18 - 2014-03-28 20:30 - 00003298 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:05 - 2014-06-18 13:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-18 13:49 - 2012-10-07 00:34 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-18 13:44 - 2012-09-02 12:07 - 00000000 ____D () C:\Users\Br. Pirminius Seber
2014-06-18 13:42 - 2012-09-05 00:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\SJB - geographische Verteilung (außer Ost)-Dateien
2014-06-18 13:42 - 2012-09-02 15:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-18 13:42 - 2011-07-27 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-18 13:42 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-18 13:41 - 2012-11-23 03:04 - 00000000 ____D () C:\ProgramData\Real
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList
2014-06-18 13:00 - 2014-06-18 12:55 - 00000000 ____D () C:\AdwCleaner
2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt
2014-06-16 18:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-16 13:27 - 2012-09-28 13:22 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job
2014-06-16 12:19 - 2012-10-07 00:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-16 12:19 - 2012-10-07 00:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-16 12:18 - 2013-03-19 23:12 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-16 12:18 - 2013-03-19 23:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-16 12:18 - 2012-10-07 00:33 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-16 12:18 - 2012-10-07 00:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-13 22:35 - 2011-07-27 10:59 - 00002356 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 02:01 - 2014-05-07 01:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-12 16:44 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 16:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 21:26 - 2012-11-24 04:20 - 00018915 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Namenstage.odt
2014-06-05 12:42 - 2014-01-27 23:02 - 00014877 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juni 2014.odt
2014-05-30 12:21 - 2014-06-12 16:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 16:46 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 16:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 16:46 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 16:46 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 16:46 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 16:46 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 16:46 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 16:46 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 16:46 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 16:46 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 16:46 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 16:46 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 16:46 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 16:46 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 16:46 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 16:46 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 16:46 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 16:46 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 16:46 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 16:46 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 16:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 16:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 16:46 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 16:46 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 16:46 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 16:46 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 16:46 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 16:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 16:46 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 01:34

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Br. Pirminius Seber at 2014-06-23 14:43:53
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.30C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.1.5 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

21-05-2014 18:28:15 Windows Update
05-06-2014 10:08:21 Windows Update
10-06-2014 14:25:48 Windows Update
13-06-2014 00:01:18 Windows Update
16-06-2014 10:13:39 avast! antivirus system restore point
17-06-2014 15:31:01 Windows Update
18-06-2014 11:39:01 Wiederherstellungsvorgang
18-06-2014 11:44:04 avast! antivirus system restore point
18-06-2014 11:49:48 Windows Update
22-06-2014 21:30:22 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00861946-591E-4280-A18C-28971A50D87F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {06AAD3C0-96D5-45EB-96E0-F4D999110471} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {39453143-C890-4E73-B425-DD43C80766D3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.)
Task: {5BEA0EB2-19DB-4E1C-AF8D-90C45DE99150} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {5F459C19-110D-40F7-B927-7F3BC56FF8FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-16] (AVAST Software)
Task: {7D9C35AF-D8F1-4275-8B58-1A5B0A1DE3BD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {9027BC15-68ED-4BF8-9258-0432480EDC5B} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {96BD8039-57AF-4010-A67B-B98537FAFB52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.)
Task: {BB28F385-CB84-451E-9245-DA859554C905} - System32\Tasks\{93CF5D12-ADD9-4933-AE8A-EBCB6D15719F} => C:\Program Files (x86)\1&amp;1 Surf-Stick\UIMain.exe
Task: {C031F401-D170-471B-A47C-39591E3B8CDA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {D77EB404-188A-4315-A436-D63E23453434} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.)
Task: {DD88F62D-C58A-458E-AE8A-54539D6A368E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {EFCCC7CD-08FE-44A2-8C79-0CA153CCE1C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.)
Task: {F201AE44-C9F1-439B-B9A1-FC8DD0475121} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {F9FCFF82-C0AA-4A06-BE08-4A2FE39223C8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {FABB902B-7C9F-428D-802A-28406F71842F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-03-03 23:21 - 2011-03-03 23:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-07-27 10:29 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-07-27 10:40 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2011-07-27 10:58 - 2011-12-15 15:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2011-07-27 10:58 - 2011-12-15 15:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-22 23:27 - 2014-06-22 23:27 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062201\algo.dll
2014-06-23 14:36 - 2014-06-23 14:36 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062300\algo.dll
2014-05-09 18:24 - 2014-05-09 18:24 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-02-16 00:36 - 2014-02-16 00:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-18 15:25 - 2014-06-18 15:25 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-18 21:16 - 2014-05-18 21:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bcc

Startzeit: 01cf8b272ba4eaae

Endzeit: 70

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 1ff0ada8-f723-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xf98
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bd0

Startzeit: 01cf8b2bf0e0bc67

Endzeit: 7

Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe

Berichts-ID: 6b3f0853-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d50

Startzeit: 01cf8b2bbfcefb78

Endzeit: 5

Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe

Berichts-ID: 125913f9-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/19/2014 01:52:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:51:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:51:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567bcc01cf8b272ba4eaae70C:\Windows\Explorer.EXE1ff0ada8-f723-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bf9801cf8b2920db0d80C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6ba35d6b-f722-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe16.6.2014.01bd001cf8b2bf0e0bc677C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe6b3f0853-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe16.6.2014.01d5001cf8b2bbfcefb785C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe125913f9-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3890.67 MB
Available physical RAM: 2117.39 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 5743.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:186.03 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:224.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9E527146)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

Machiavelli 23.06.2014 15:03
Schritt 1: FRST Fix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2: FRST Scan

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Schritt 3: ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4: Frage

Wie läuft Dein PC?

Br.Pirminius 23.06.2014 18:08
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Br. Pirminius Seber at 2014-06-23 18:56:10 Run:2
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1
*****************

'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3090635963-4145032168-3900013317-1001'=> Key not found.

==== End of Fixlog ====


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Br. Pirminius Seber (administrator) on BRUDERPIRMINIUS on 23-06-2014 18:58:30
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-07-27] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-16] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-05-09] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [Facebook Update] => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-28] (Facebook Inc.)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Kopie 1).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Br. Pirminius Seber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\toolbar@gmx.net.xpi [2013-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (avast! Online Security) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18]
CHR Extension: (RealPlayer Downloader) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-18]
CHR Extension: (Google Wallet) - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-16] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-09] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-16] ()
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2012-09-06] (Huawei Technologies Co., Ltd.) [File not signed]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 21:35 - 2014-06-18 21:44 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion
2014-06-18 15:29 - 2014-06-18 21:35 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe
2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt
2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 15:09 - 2014-06-18 15:10 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe
2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt
2014-06-18 14:08 - 2014-06-18 14:25 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 14:08 - 2014-06-18 14:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 14:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 14:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 14:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-18 13:52 - 2014-06-18 14:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList
2014-06-18 12:55 - 2014-06-18 13:00 - 00000000 ____D () C:\AdwCleaner
2014-06-17 22:21 - 2014-06-18 15:34 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt
2014-06-17 22:20 - 2014-06-18 15:34 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt
2014-06-17 22:19 - 2014-06-23 18:58 - 00000000 ____D () C:\FRST
2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt
2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-12 16:46 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:46 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 16:46 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:46 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 16:46 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 16:46 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 16:46 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:46 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 16:46 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 16:46 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 16:46 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 16:46 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 16:46 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 16:46 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 16:46 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:46 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:46 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 16:46 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 16:46 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 16:46 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:46 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 16:46 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:46 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 16:46 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 16:46 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 16:46 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 16:46 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 16:46 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 16:46 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 16:46 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:46 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 16:46 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 16:46 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 16:46 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:46 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 16:46 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 16:46 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 16:46 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 16:46 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 16:46 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 16:46 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:46 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 16:46 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 16:46 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 16:46 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:46 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 16:46 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:46 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 16:46 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 16:46 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 16:46 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 16:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 16:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 16:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 16:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 16:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 16:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 16:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 16:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 16:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 16:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:44 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 16:44 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-06-23 18:58 - 2014-06-17 22:19 - 00000000 ____D () C:\FRST
2014-06-23 18:58 - 2012-06-19 11:12 - 01570441 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 18:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-23 18:48 - 2012-12-20 14:01 - 00000284 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-06-23 18:48 - 2012-09-28 13:22 - 00000984 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job
2014-06-23 18:48 - 2012-09-02 15:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 18:48 - 2011-07-27 10:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 14:43 - 2009-07-14 06:45 - 00024912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 14:38 - 2011-07-27 10:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 14:35 - 2013-02-25 21:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-23 14:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 14:35 - 2009-07-14 06:51 - 00084037 _____ () C:\Windows\setupact.log
2014-06-23 01:37 - 2012-09-04 16:02 - 00049435 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Gliederliste.odt
2014-06-22 23:31 - 2012-09-02 12:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\AppData\Roaming\TOSHIBA Online Product Information
2014-06-22 23:25 - 2012-10-07 00:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-22 23:24 - 2012-09-02 14:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 21:44 - 2014-06-18 21:35 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion
2014-06-18 21:35 - 2014-06-18 15:29 - 02082304 _____ (Farbar) C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe
2014-06-18 20:52 - 2010-11-21 05:47 - 00231336 _____ () C:\Windows\PFRO.log
2014-06-18 15:34 - 2014-06-17 22:21 - 00029690 _____ () C:\Users\Br. Pirminius Seber\Downloads\Addition.txt
2014-06-18 15:34 - 2014-06-17 22:20 - 00054298 _____ () C:\Users\Br. Pirminius Seber\Downloads\FRST.txt
2014-06-18 15:25 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 15:19 - 2014-06-18 15:19 - 00003876 _____ () C:\Users\Br. Pirminius Seber\Desktop\JRT.txt
2014-06-18 15:10 - 2014-06-18 15:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 15:10 - 2014-06-18 15:09 - 01016261 _____ (Thisisu) C:\Users\Br. Pirminius Seber\Downloads\JRT.exe
2014-06-18 15:04 - 2014-06-18 15:04 - 00057486 _____ () C:\Users\Br. Pirminius Seber\Desktop\mbam.txt
2014-06-18 15:01 - 2014-03-29 03:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 14:49 - 2012-12-27 13:09 - 00003382 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:49 - 2012-12-27 13:09 - 00003276 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:48 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew
2014-06-18 14:25 - 2014-06-18 14:08 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 14:25 - 2014-06-18 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 14:18 - 2014-05-19 16:21 - 00003404 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:18 - 2014-03-28 20:30 - 00003298 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001
2014-06-18 14:05 - 2014-06-18 13:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Br. Pirminius Seber\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-18 13:49 - 2012-10-07 00:34 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-18 13:44 - 2012-09-02 12:07 - 00000000 ____D () C:\Users\Br. Pirminius Seber
2014-06-18 13:42 - 2012-09-05 00:41 - 00000000 ____D () C:\Users\Br. Pirminius Seber\Downloads\SJB - geographische Verteilung (außer Ost)-Dateien
2014-06-18 13:42 - 2012-09-02 15:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-18 13:42 - 2011-07-27 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-18 13:42 - 2010-11-21 09:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-18 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-18 13:41 - 2012-11-23 03:04 - 00000000 ____D () C:\ProgramData\Real
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieUserList
2014-06-18 13:04 - 2014-06-18 13:04 - 00000000 __SHD () C:\Users\Br. Pirminius Seber\AppData\Local\EmieSiteList
2014-06-18 13:00 - 2014-06-18 12:55 - 00000000 ____D () C:\AdwCleaner
2014-06-16 20:04 - 2014-06-16 20:04 - 00014814 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juli 2014.odt
2014-06-16 18:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-16 13:27 - 2012-09-28 13:22 - 00000962 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job
2014-06-16 12:19 - 2012-10-07 00:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-16 12:19 - 2012-10-07 00:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-16 12:18 - 2014-06-16 12:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-16 12:18 - 2014-06-16 12:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-16 12:18 - 2013-03-19 23:12 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-16 12:18 - 2013-03-19 23:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-16 12:18 - 2012-10-07 00:33 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-16 12:18 - 2012-10-07 00:33 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-13 22:35 - 2011-07-27 10:59 - 00002356 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 02:01 - 2014-05-07 01:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-12 16:44 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 16:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 21:26 - 2012-11-24 04:20 - 00018915 _____ () C:\Users\Br. Pirminius Seber\Documents\Hochkirchliche St.-Johannes-Bruderschaft - Namenstage.odt
2014-06-05 12:42 - 2014-01-27 23:02 - 00014877 _____ () C:\Users\Br. Pirminius Seber\Documents\Organistendienste St. Marien Zehlendorf April bis Juni 2014.odt
2014-05-30 12:21 - 2014-06-12 16:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 16:46 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 16:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 16:46 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 16:46 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 16:46 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 16:46 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 16:46 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 16:46 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 16:46 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 16:46 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 16:46 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 16:46 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 16:46 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 16:46 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 16:46 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 16:46 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 16:46 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 16:46 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 16:46 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 16:46 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 16:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 16:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 16:46 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 16:46 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 16:46 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 16:46 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 16:46 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 16:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 16:46 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 01:34

==================== End Of Log ============================
--- --- ---

--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Br. Pirminius Seber at 2014-06-23 18:59:27
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.8 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.30C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.1.5 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

21-05-2014 18:28:15 Windows Update
05-06-2014 10:08:21 Windows Update
10-06-2014 14:25:48 Windows Update
13-06-2014 00:01:18 Windows Update
16-06-2014 10:13:39 avast! antivirus system restore point
17-06-2014 15:31:01 Windows Update
18-06-2014 11:39:01 Wiederherstellungsvorgang
18-06-2014 11:44:04 avast! antivirus system restore point
18-06-2014 11:49:48 Windows Update
22-06-2014 21:30:22 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00861946-591E-4280-A18C-28971A50D87F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {06AAD3C0-96D5-45EB-96E0-F4D999110471} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {39453143-C890-4E73-B425-DD43C80766D3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.)
Task: {5BEA0EB2-19DB-4E1C-AF8D-90C45DE99150} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {5F459C19-110D-40F7-B927-7F3BC56FF8FF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-16] (AVAST Software)
Task: {7D9C35AF-D8F1-4275-8B58-1A5B0A1DE3BD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {9027BC15-68ED-4BF8-9258-0432480EDC5B} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {96BD8039-57AF-4010-A67B-B98537FAFB52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.)
Task: {BB28F385-CB84-451E-9245-DA859554C905} - System32\Tasks\{93CF5D12-ADD9-4933-AE8A-EBCB6D15719F} => C:\Program Files (x86)\1&amp;1 Surf-Stick\UIMain.exe
Task: {C031F401-D170-471B-A47C-39591E3B8CDA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {D77EB404-188A-4315-A436-D63E23453434} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28] (Facebook Inc.)
Task: {DD88F62D-C58A-458E-AE8A-54539D6A368E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {EFCCC7CD-08FE-44A2-8C79-0CA153CCE1C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27] (Google Inc.)
Task: {F201AE44-C9F1-439B-B9A1-FC8DD0475121} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {F9FCFF82-C0AA-4A06-BE08-4A2FE39223C8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {FABB902B-7C9F-428D-802A-28406F71842F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3090635963-4145032168-3900013317-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001Core.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090635963-4145032168-3900013317-1001UA.job => C:\Users\Br. Pirminius Seber\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-03-03 23:21 - 2011-03-03 23:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-07-27 10:29 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-07-27 10:40 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2011-07-27 10:58 - 2011-12-15 15:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2011-07-27 10:58 - 2011-12-15 15:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-22 23:27 - 2014-06-22 23:27 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062201\algo.dll
2014-06-23 14:36 - 2014-06-23 14:36 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062300\algo.dll
2014-05-09 18:24 - 2014-05-09 18:24 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-02-16 00:36 - 2014-02-16 00:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-18 15:25 - 2014-06-18 15:25 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-18 21:16 - 2014-05-18 21:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bcc

Startzeit: 01cf8b272ba4eaae

Endzeit: 70

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 1ff0ada8-f723-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xf98
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1bd0

Startzeit: 01cf8b2bf0e0bc67

Endzeit: 7

Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe

Berichts-ID: 6b3f0853-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 16.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d50

Startzeit: 01cf8b2bbfcefb78

Endzeit: 5

Anwendungspfad: C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe

Berichts-ID: 125913f9-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/19/2014 01:52:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:51:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (06/19/2014 01:51:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecureAssist" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (06/23/2014 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 00:53:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/22/2014 11:26:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 01:36:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/18/2014 10:00:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567bcc01cf8b272ba4eaae70C:\Windows\Explorer.EXE1ff0ada8-f723-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bf9801cf8b2920db0d80C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6ba35d6b-f722-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe16.6.2014.01bd001cf8b2bf0e0bc677C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe6b3f0853-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 09:31:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe16.6.2014.01d5001cf8b2bbfcefb785C:\Users\Br. Pirminius Seber\Downloads\FRST64.exe125913f9-f71f-11e3-a6b4-b888e31620a2

Error: (06/18/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3890.67 MB
Available physical RAM: 1736.09 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 5199.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:186.01 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:224.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9E527146)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

Machiavelli 23.06.2014 18:25
OK ich warte auf weitere Logs.

Br.Pirminius 23.06.2014 19:28
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=9f3d10344ed7b8438cffa75a191559c4
# engine=18843
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-23 06:18:15
# local_time=2014-06-23 08:18:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 87 455487 167967985 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 74814 155177345 0 0
# scanned=159088
# found=53
# cleaned=0
# scan_time=3811
sh=44A7956A5D046523ABEDE48F6073E90961AAC364 ft=1 fh=7006f955c1e9646d vn="Variante von MSIL/Adware.iBryte.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe.vir"
sh=07EE6B2AF931FA381DE38B845181C8A12F092C1A ft=1 fh=a5c2abfedbc93267 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\ConstaSurfBHO.dll.vir"
sh=FA9D2CA31C755D0F5A81AE72A3CCB51EE989BAA4 ft=1 fh=05c404252e66b822 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\updateConstaSurf.exe.vir"
sh=63FFFBF7FA1F7DC08E3EAF79A6A28823FD3AEC47 ft=1 fh=598a7e1eeccac04b vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe.vir"
sh=D55371162E7AC08458FC1AC581B44FC5A6FF053F ft=1 fh=3b3d92f7237ca1af vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe.vir"
sh=DC16A1153D3F88CBFAF13D0E863833C537037600 ft=1 fh=e1707a6df3f3b19b vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\ConstaSurfBAApp.dll.vir"
sh=FA9D2CA31C755D0F5A81AE72A3CCB51EE989BAA4 ft=1 fh=05c404252e66b822 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe.vir"
sh=EDE61E449BEDDA5DDD605A395496D49703F573F9 ft=1 fh=8b21ad2fcf9602e3 vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.dll.vir"
sh=E4C197DC89A0611542EA828724C5D1EC585580B9 ft=1 fh=d63ea59554f3e16a vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.Bromon.dll.vir"
sh=B04C191760E311310E614768EA151FE0892B750D ft=1 fh=fc6b5dbd9b3b3f44 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.BroStats.dll.vir"
sh=9EDB59531A9FA3C3D37E57FF56EEC6D448C5C650 ft=1 fh=2c8832b93e9ac067 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.BrowserAdapterS.dll.vir"
sh=05EADA5D6C46530C679C6A80FB8FBF9E2B21E0D7 ft=1 fh=b33ddd491724e59f vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.CompatibilityChecker.dll.vir"
sh=9C4EAB8D84EFB47BE6E31100B31CBE23F8DFA9EC ft=1 fh=81149872a0603674 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.FFUpdate.dll.vir"
sh=35A23CE4F5641DC402C1A22CAB99044C6B9CAA55 ft=1 fh=4d0c1233abec05c4 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.IEUpdate.dll.vir"
sh=A4D08D7A58951F22EBFE9A9D121855EE345E56F7 ft=1 fh=edd95934e1ec67b0 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.PurBrowseG.dll.vir"
sh=CED05266ECDC6547AFB0B18E7AB4DBCCA5535FB9 ft=1 fh=2791e6518558f99b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=2ADB3F435305E66F52A44D4E6509661F8B5BA47A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.249_0\extensionData\plugins\91.js.vir"
sh=DC2F44E408378C231AFA4D5E0BC65855573FA17D ft=1 fh=576bb7911dc12d10 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\iLivid\Helper.dll.vir"
sh=93578A0F21346F205CD6A11CE02BD58ABB98EE11 ft=1 fh=f2d1349e4484dc5e vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\iLivid\Uninstall.exe.vir"
sh=9949E2AA700EA8DC0CFEE91198AC53800C6BD0D6 ft=1 fh=aa0558f6d40a46cb vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe.vir"
sh=E082854FA3F7C89221E44406EA71086403E834E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\91.js.vir"
sh=AFFB7478306D0BAF1CBC2C646B61FB39DD4AB1FA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\Mozilla\Firefox\Profiles\2x0a1rkf.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\91.js.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=312B4326F089F044FEFE73A81FD94223E3F36410 ft=1 fh=789dc111d976203c vn="Variante von Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Br. Pirminius Seber\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=CCBAAB1EB050FA9CAB112ABED57872373467F2D4 ft=1 fh=fa50e357e61e53d8 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\Temp\PCSpeedMaximizer.exe.xBAD"
sh=668865374E1866E82174D7683B968CEC3527691A ft=1 fh=d8f6daf83def6dca vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Br. Pirminius Seber\AppData\Local\Temp\speedupmypc.exe.xBAD"
sh=990A77ECC18BC46820C2354D3726F20FAAC791E9 ft=0 fh=0000000000000000 vn="Variante von Win32/AdWare.Adpeak.I Anwendung" ac=I fn="C:\temp\t.msi"
sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Installer\Install_10128\ytai.exe"
sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Installer\Install_19196\ytai.exe"
sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Installer\Install_32603\ytai.exe"
sh=8E5D0DDD88C86A467E04B9323475029CD80A66D8 ft=1 fh=f12484e4e350440f vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN\Setup[1].exe"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN\SpeedUpMyPC-standalone-setup[1].exe"
sh=19CA6B0692A041B3DA02EC0BA7B8D970CFC61F15 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi"
sh=8398427DEE8FECAF5BC25B22C826FC2DC6DF9747 ft=1 fh=81c159dc949cee29 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp"
sh=ACC1C7D6CD8420D4EA46A35522AFC0F096B77CCD ft=1 fh=54c2a27e7a7711bf vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp"
sh=939C16ADE15384AA65A71E9DD19E53ABBBDC344C ft=1 fh=96b3e5887a7711bf vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp"
sh=BBAC352F257862DF68413AE710544A318DD2A091 ft=1 fh=c7ae4474b5cb8b84 vn="Variante von Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del"
sh=D2EAFFAD45CC86DE6E07E9D8E42440CD25DA5754 ft=1 fh=855d8e396d7ffddb vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe"
sh=BBAC352F257862DF68413AE710544A318DD2A091 ft=1 fh=c7ae4474b5cb8b84 vn="Variante von Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe"
sh=DE7457A095FE26A437AE65ABFF603EBC7041B29A ft=1 fh=21434bd82dbff710 vn="Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175\sense.exe"
sh=ADEA6F0F89F9B4A6BDCFF42C4E4AD7DA93D3B724 ft=1 fh=9219e53dcc10c3ae vn="Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125\iwebar.exe"
sh=3B155C78095C8F4A7851112D14C35A8128113C2C ft=1 fh=1de3c52b009f0bf0 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552\ytai.exe"
sh=DEA5116E65880CCB22EC504C4C4CC7E0A1FE65B2 ft=1 fh=f49a059729fb3b71 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe"
sh=BBAC352F257862DF68413AE710544A318DD2A091 ft=1 fh=c7ae4474b5cb8b84 vn="Variante von Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe"
sh=146F0A6C10435A26DB5100D044452322EE84FCFE ft=1 fh=314a90aba3c22b66 vn="Variante von MSIL/Adware.Proxomoto.F Anwendung" ac=I fn="C:\Windows\Microsoft\System Update kb77600\WindowsUpdater.exe"

Der Laptop funktioniert bislang wieder sehr gut.

Machiavelli 23.06.2014 19:36
Schritt 1: FRST Fix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Br. Pirminius Seber\AppData\Local\Installer
C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552
C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe
C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe
C:\Windows\Microsoft\System Update kb77600
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2: Datenträgerbereinigung

Datenträgerbereinigung
  • Gehe auf das Windowsstartsymbol
  • Gebe im Suchfeld Datenträgerrereinigung ein
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Br.Pirminius 23.06.2014 19:45
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Br. Pirminius Seber at 2014-06-23 20:45:15 Run:3
Running from C:\Users\Br. Pirminius Seber\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Br. Pirminius Seber\AppData\Local\Installer
C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552
C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe
C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe
C:\Windows\Microsoft\System Update kb77600
HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\...\MountPoints2: F - F:\.\Autorun.exe AUTORUN=1

*****************

C:\Users\Br. Pirminius Seber\AppData\Local\Installer => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FNEW0LN => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\MsiToExe.SetupExtension.msi => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsg653B.tmp => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsi3A76.tmp => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\nsq433E.tmp => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Uninstall.exe582819.del => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\0967d265-08c9-4fb3-929e-9662bc5292a5\software\Cloud_Backup_Setup.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\580542.Uninstall\Uninstall.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_11175 => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_18125 => Moved successfully.
C:\Users\Br. Pirminius Seber\AppData\Local\Temp\Install_26552 => Moved successfully.
C:\Users\Br. Pirminius Seber\Downloads\installer_openoffice_Deutsch.exe => Moved successfully.
C:\Users\Br. Pirminius Seber\Downloads\VideoPlayerSetup.exe => Moved successfully.
C:\Windows\Microsoft\System Update kb77600 => Moved successfully.
'HKU\S-1-5-21-3090635963-4145032168-3900013317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3090635963-4145032168-3900013317-1001'=> Key not found.

==== End of Fixlog ====

Machiavelli 23.06.2014 19:48
Hallo,
nach meiner Erkenntnis, ist Dein PC soweit sauber. :abklatsch:

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du mir Feedback geben willst, kannst Du es hier gerne tun: Lob, Kritik und Wünsche - Trojaner-Board


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:06 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132