Mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 23.02.2015
Suchlauf-Zeit: 17:09:38
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.23.04
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: marku_000
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409389
Verstrichene Zeit: 35 Min, 15 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 2
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe, 5016, Löschen bei Neustart, [b22e28f90d7d280ec4a631643bc8ff01]
PUP.Optional.RollAround.A, C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe, 10232, Löschen bei Neustart, [cc14b36e3852023476f4890c3ac9ed13]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 10
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{506DDB16-455A-4746-AD77-D23228955FD3}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{506DDB16-455A-4746-AD77-D23228955FD3}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83C0E288-8FA0-43D3-ACC7-C1E839D85ABC}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\RollAround, In Quarantäne, [ac34061b3159092d9ce3ddb8e91adc24],
PUP.Optional.RollAround.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr RollAround, In Quarantäne, [b22e28f90d7d280ec4a631643bc8ff01],
PUP.Optional.RollAround.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr RollAround, In Quarantäne, [cc14b36e3852023476f4890c3ac9ed13],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Roll Around, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 10
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy\86963B021BD6409BA4F3947ACFBE73F8, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf, Löschen bei Neustart, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
Dateien: 13
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Local\Temp\is-6MCCA.tmp\OCSetupHlp.dll, In Quarantäne, [17c9b26f2862f5419ee9926031d4bb45],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Local\Temp\is-CODAC.tmp\OCSetupHlp.dll, In Quarantäne, [855b65bcb5d582b4ed9af4feb74e52ae],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe, Löschen bei Neustart, [b22e28f90d7d280ec4a631643bc8ff01],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe, Löschen bei Neustart, [cc14b36e3852023476f4890c3ac9ed13],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy\86963B021BD6409BA4F3947ACFBE73F8\du.exe, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy\86963B021BD6409BA4F3947ACFBE73F8\setup0213.exe, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\7za.exe, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Uninstaller.exe, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.bak, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\temp, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\a34d4a2b-7447-4110-b227-f32d4e563118.dll, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 23.02.2015
Suchlauf-Zeit: 17:09:38
Logdatei: mbam2.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.23.04
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: marku_000
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409389
Verstrichene Zeit: 35 Min, 15 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 2
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe, 5016, Löschen bei Neustart, [b22e28f90d7d280ec4a631643bc8ff01]
PUP.Optional.RollAround.A, C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe, 10232, Löschen bei Neustart, [cc14b36e3852023476f4890c3ac9ed13]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 10
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{506DDB16-455A-4746-AD77-D23228955FD3}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{506DDB16-455A-4746-AD77-D23228955FD3}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83C0E288-8FA0-43D3-ACC7-C1E839D85ABC}, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\RollAround, In Quarantäne, [ac34061b3159092d9ce3ddb8e91adc24],
PUP.Optional.RollAround.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr RollAround, In Quarantäne, [b22e28f90d7d280ec4a631643bc8ff01],
PUP.Optional.RollAround.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr RollAround, In Quarantäne, [cc14b36e3852023476f4890c3ac9ed13],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Roll Around, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 10
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy\86963B021BD6409BA4F3947ACFBE73F8, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf, Löschen bei Neustart, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
Dateien: 13
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll, In Quarantäne, [38a853ce53378da9dbd813f5fb0812ee],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Local\Temp\is-6MCCA.tmp\OCSetupHlp.dll, In Quarantäne, [17c9b26f2862f5419ee9926031d4bb45],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Local\Temp\is-CODAC.tmp\OCSetupHlp.dll, In Quarantäne, [855b65bcb5d582b4ed9af4feb74e52ae],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe, Löschen bei Neustart, [b22e28f90d7d280ec4a631643bc8ff01],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe, Löschen bei Neustart, [cc14b36e3852023476f4890c3ac9ed13],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy\86963B021BD6409BA4F3947ACFBE73F8\du.exe, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.OpenCandy, C:\Users\marku_000\AppData\Roaming\OpenCandy\86963B021BD6409BA4F3947ACFBE73F8\setup0213.exe, In Quarantäne, [ac34cc55dcaefb3bcbe3bd9e8c77f808],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\7za.exe, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Uninstaller.exe, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi, In Quarantäne, [a7394cd596f467cf2c3d157f72919769],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.bak, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\temp, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\a34d4a2b-7447-4110-b227-f32d4e563118.dll, In Quarantäne, [e000051c4545f83ea1e901930af928d8],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
I received 2 application logs and posted them. Moved 35 objects into quarantine.
Code:
# AdwCleaner v4.111 - Bericht erstellt 23/02/2015 um 20:23:02
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : marku_000 - MARKUSPC
# Gestarted von : C:\Users\marku_000\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\marku_000\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\MARKU_~1\AppData\Local\Temp\uninstaller.exe
Datei Gelöscht : C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [2016 Bytes] - [23/02/2015 20:19:21]
AdwCleaner[S0].txt - [1930 Bytes] - [23/02/2015 20:23:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1989 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by marku_000 on 23.02.2015 at 21:04:53,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\marku_000\AppData\Roaming\xsmanager"
Failed to delete: [Folder] "C:\Program Files (x86)\xsmanager"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\marku_000\AppData\Roaming\mozilla\firefox\profiles\mhi4z7il.default-1422517580673\extensions\toolbar@web.de
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.02.2015 at 21:06:45,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by marku_000 (administrator) on MARKUSPC on 23-02-2015 21:10:33
Running from C:\Users\marku_000\Desktop
Loaded Profiles: marku_000 (Available profiles: marku_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Windows\SysWOW64\SMITSC.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\MountPoints2: {8970e4e2-f394-11e3-becc-2016d88a63ab} - "D:\autorun.exe"
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\MountPoints2: {8970ede2-f394-11e3-becc-2016d88a63ab} - "D:\AutoRun.exe"
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\MountPoints2: {e1a3a3e0-ab98-11e4-befc-2016d88a63ab} - "D:\XSManagerinstallation.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Statusfenster.lnk
ShortcutTarget: Canon LBP2900 Statusfenster.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)
Startup: C:\Users\marku_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2821033868-2730095261-627831811-1004 -> {DDAF7E93-82C2-4F8B-8D35-88F73768AED0} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DocumentExporterIE -> {e88d1d51-70d0-4a24-b58c-b509d39fdbb9} -> C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader64.dll ()
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: DocumentExporterIE -> {e88d1d51-70d0-4a24-b58c-b509d39fdbb9} -> C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll ()
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Document Exporter - {da153d37-a57e-4f22-a649-6aeef4a10c28} - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader64.dll ()
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Document Exporter - {da153d37-a57e-4f22-a649-6aeef4a10c28} - C:\Program Files\AssistMyTeam\Document Exporter for Internet Explorer\adxloader.dll ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-29]
FF Extension: NoScript - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-31]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-14]
FF Extension: Roll Around - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi [2015-02-21]
FF Extension: {c830e730-2c77-4a88-bb1f-b02499056653} - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{c830e730-2c77-4a88-bb1f-b02499056653}.xpi [2015-02-12]
FF Extension: Adblock Plus - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-31]
FF Extension: DownThemAll! - C:\Users\marku_000\AppData\Roaming\Mozilla\Firefox\Profiles\mhi4z7il.default-1422517580673\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-02-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Profile: C:\Users\marku_000\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807160 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-07-20] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2014-06-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-03-06] () [File not signed]
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329872 2013-04-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-12] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cmnsusbser; C:\Windows\system32\DRIVERS\cmnsusbser.sys [126080 2015-02-05] (QUALCOMM Incorporated)
S3 cmntnet; C:\Windows\system32\DRIVERS\cmntnet.sys [141824 2015-02-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\system32\DRIVERS\cmnuusbser.sys [123776 2015-02-05] (Wireless Device)
S3 FlashUSB; C:\Windows\System32\drivers\FlashUSB.sys [19968 2014-06-16] (Intel Mobile Communications)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 21:06 - 2015-02-23 21:06 - 00000932 _____ () C:\Users\marku_000\Desktop\JRT.txt
2015-02-23 21:02 - 2015-02-23 21:02 - 01388274 _____ (Thisisu) C:\Users\marku_000\Desktop\JRT.exe
2015-02-23 20:57 - 2015-02-23 20:57 - 00131072 ___HT () C:\Users\marku_000\Desktop\~backupoutlookal.pst.tmp
2015-02-23 20:57 - 2015-02-23 20:57 - 00131072 ___HT () C:\Users\marku_000\Desktop\~backupoutlook.pst.tmp
2015-02-23 20:18 - 2015-02-23 20:23 - 00000000 ____D () C:\AdwCleaner
2015-02-23 20:17 - 2015-02-23 20:17 - 02126848 _____ () C:\Users\marku_000\Desktop\AdwCleaner_4.111.exe
2015-02-23 17:58 - 2015-02-23 17:58 - 00006357 _____ () C:\Users\marku_000\Desktop\mbam2.txt
2015-02-23 17:57 - 2015-02-23 17:57 - 00006356 _____ () C:\Users\marku_000\Desktop\mbam.txt
2015-02-23 17:09 - 2015-02-23 17:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 17:09 - 2015-02-23 17:09 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 17:09 - 2015-02-23 17:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 17:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-23 17:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-23 17:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-23 17:06 - 2015-02-23 17:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\marku_000\Desktop\mbam-setup-2.0.4.1028(1).exe
2015-02-22 21:10 - 2015-02-23 21:11 - 00020125 _____ () C:\Users\marku_000\Desktop\FRST.txt
2015-02-22 21:10 - 2015-02-23 21:10 - 00000000 ____D () C:\FRST
2015-02-22 21:08 - 2015-02-22 21:08 - 02087424 _____ (Farbar) C:\Users\marku_000\Desktop\FRST64.exe
2015-02-21 12:51 - 2015-02-21 12:51 - 00001226 _____ () C:\Users\marku_000\Desktop\Any Video Converter.lnk
2015-02-21 12:50 - 2015-02-21 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-02-21 12:50 - 2015-02-21 12:50 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2015-02-21 12:49 - 2015-02-21 12:49 - 34590640 _____ (Any-Video-Converter.com ) C:\Users\marku_000\Downloads\avc578-free.exe
2015-02-20 17:40 - 2015-02-20 17:50 - 00000000 ___RD () C:\Users\marku_000\Desktop\notebook
2015-02-14 23:09 - 2015-02-14 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-14 23:09 - 2015-02-14 23:09 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-02-14 23:09 - 2015-02-14 23:09 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-14 23:08 - 2015-02-14 23:09 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-14 23:05 - 2015-02-14 23:09 - 00000000 ____D () C:\Users\marku_000\AppData\Roaming\DVDVideoSoft
2015-02-14 23:05 - 2015-02-14 23:05 - 03533024 _____ (DVDVideoSoft Ltd. ) C:\Users\marku_000\Downloads\FreeYouTube53Download.exe
2015-02-12 13:24 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 13:24 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 11:22 - 2015-02-12 11:22 - 00660440 _____ () C:\Users\marku_000\Downloads\StoryBoardPC_CB-DL-Manager.exe
2015-02-11 11:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 11:23 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 11:23 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 11:23 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 09:45 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 09:45 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 09:45 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 09:45 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 09:45 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 09:45 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 09:45 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 09:45 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 09:45 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 09:45 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 09:45 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 09:45 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 09:45 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 09:45 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 09:45 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 09:45 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 09:45 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 09:45 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 09:45 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 09:45 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 09:45 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 09:45 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 09:45 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 09:45 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 09:45 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 09:45 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 09:45 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 09:44 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 09:44 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 09:44 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 09:44 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 09:44 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 09:44 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 09:44 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 09:44 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 09:44 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 09:44 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 09:44 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 09:44 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 09:44 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 09:44 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 09:44 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 09:44 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 09:44 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 09:44 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 09:44 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 09:44 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 09:44 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 09:44 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 09:44 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 09:44 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 09:44 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 09:44 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 09:44 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 09:44 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 09:44 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 09:44 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 09:44 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 09:44 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 09:44 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 09:44 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-05 19:42 - 2015-02-23 21:05 - 00000000 ____D () C:\Program Files (x86)\XSManager
2015-02-05 19:42 - 2015-02-05 19:42 - 00159744 _____ (MobileBroadband.) C:\WINDOWS\system32\Drivers\MobileBroadbandDCWwan.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00141824 _____ (Wireless Data Device) C:\WINDOWS\system32\Drivers\cmntnet.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00133120 _____ (C-motech Co.,Ltd.) C:\WINDOWS\system32\Drivers\cm_netamd.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00123904 _____ (MobileBroadband.) C:\WINDOWS\system32\Drivers\MobileBroadbandDCser.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00123776 _____ (Wireless Device) C:\WINDOWS\system32\Drivers\cmnuusbser.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00118272 _____ (C-motech Co.,Ltd.) C:\WINDOWS\system32\Drivers\cm_seramd.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00112640 _____ (C-motech Co.,Ltd.) C:\WINDOWS\system32\Drivers\cm_net32.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00103680 _____ (C-motech Co.,Ltd.) C:\WINDOWS\system32\Drivers\cm_ser32.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00101056 _____ () C:\WINDOWS\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-05 19:42 - 2015-02-05 19:42 - 00092456 _____ () C:\WINDOWS\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-05 19:42 - 2015-02-05 19:42 - 00079036 _____ () C:\WINDOWS\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-05 19:42 - 2015-02-05 19:42 - 00063648 _____ (Siano) C:\WINDOWS\system32\Drivers\smsbda.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00025088 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\MobileBroadbandDCUsb.sys
2015-02-05 19:42 - 2015-02-05 19:42 - 00001956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-05 19:42 - 2015-02-05 19:42 - 00000040 _____ () C:\WINDOWS\system32\Drivers\smsbda.cfg
2015-02-05 19:42 - 2015-02-05 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-02-05 17:32 - 2015-02-23 20:35 - 00005150 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKUSPC-marku_000 MarkusPC
2015-01-26 18:56 - 2015-02-14 23:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 21:06 - 2014-05-02 11:03 - 01142304 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-23 20:59 - 2013-09-17 19:41 - 08651776 _____ () C:\Users\marku_000\Desktop\backupoutlookal.pst
2015-02-23 20:59 - 2013-09-15 20:21 - 08905728 _____ () C:\Users\marku_000\Desktop\backupoutlook.pst
2015-02-23 20:57 - 2013-06-10 16:50 - 00000000 ____D () C:\Users\marku_000\Documents\Outlook-Dateien
2015-02-23 20:51 - 2013-06-10 22:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-23 20:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-23 20:45 - 2014-05-02 11:17 - 00000000 __RDO () C:\Users\marku_000\OneDrive
2015-02-23 20:44 - 2014-03-18 02:50 - 00209128 _____ () C:\WINDOWS\PFRO.log
2015-02-23 20:44 - 2013-08-22 15:46 - 00337827 _____ () C:\WINDOWS\setupact.log
2015-02-23 20:44 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-23 20:25 - 2013-06-10 15:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 20:23 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-23 18:39 - 2013-06-10 14:50 - 00000000 ____D () C:\Users\marku_000\AppData\Local\Packages
2015-02-23 18:14 - 2013-06-10 15:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821033868-2730095261-627831811-1004
2015-02-23 17:48 - 2013-01-15 08:57 - 00000000 ____D () C:\WINDOWS\OemDrv
2015-02-23 14:18 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-23 14:18 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-23 14:18 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-22 20:34 - 2013-09-18 17:12 - 00000000 ____D () C:\Users\marku_000\Documents\Neue Dateien
2015-02-22 10:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-21 14:40 - 2014-01-10 20:54 - 00000000 ____D () C:\Users\marku_000\AppData\Roaming\vlc
2015-02-21 13:32 - 2013-10-02 20:29 - 00000000 ____D () C:\Users\marku_000\AppData\Roaming\dvdcss
2015-02-21 12:50 - 2014-09-07 18:54 - 00000000 ____D () C:\Users\marku_000\AppData\Roaming\Anvsoft
2015-02-20 17:55 - 2014-02-10 10:22 - 00000000 ____D () C:\Users\marku_000\Desktop\Goodtoknow
2015-02-20 17:55 - 2014-01-12 19:05 - 00000000 ____D () C:\Users\marku_000\Desktop\Facebook
2015-02-20 17:50 - 2014-01-29 23:37 - 00000000 ____D () C:\Users\marku_000\Desktop\Filmsites
2015-02-20 17:50 - 2014-01-27 21:43 - 00000000 ____D () C:\Users\marku_000\Desktop\Musiksites
2015-02-20 17:49 - 2013-09-21 19:59 - 00000000 ____D () C:\Users\marku_000\Desktop\emailadr+kontakte
2015-02-20 17:41 - 2014-01-03 11:24 - 00000000 ____D () C:\Users\marku_000\Desktop\Bilder2014
2015-02-20 17:40 - 2014-02-16 13:42 - 00000000 ____D () C:\Users\marku_000\Desktop\Ideas
2015-02-19 18:13 - 2013-12-01 12:22 - 09447424 ___SH () C:\Users\marku_000\Desktop\Thumbs.db
2015-02-19 17:34 - 2013-12-06 21:15 - 00107008 ___SH () C:\Users\marku_000\Downloads\Thumbs.db
2015-02-16 22:18 - 2013-09-15 22:14 - 00000000 ____D () C:\Users\marku_000\AppData\Roaming\Skype
2015-02-16 10:00 - 2014-09-24 16:01 - 00000000 ____D () C:\Users\marku_000\Documents\VIDEO_Archiv
2015-02-14 22:19 - 2013-09-08 20:52 - 00000000 ____D () C:\Users\marku_000\dwhelper
2015-02-13 11:28 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 11:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 11:25 - 2014-09-07 18:55 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-12 11:25 - 2014-09-07 18:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-12 10:30 - 2013-08-31 10:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 10:26 - 2013-06-10 14:09 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 10:24 - 2014-08-25 10:52 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-12 10:24 - 2014-08-25 10:52 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-12 10:24 - 2014-08-25 10:52 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-12 09:29 - 2014-02-04 23:48 - 00030208 ___SH () C:\Users\marku_000\Thumbs.db
2015-02-11 14:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 14:01 - 2013-08-22 15:44 - 00373472 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 09:56 - 2014-04-19 12:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-05 19:42 - 2014-06-16 10:40 - 00126080 _____ (QUALCOMM Incorporated) C:\WINDOWS\system32\Drivers\cmnsusbser.sys
2015-02-04 19:51 - 2013-06-10 22:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 10:58 - 2013-06-10 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 23:20 - 2014-08-28 20:09 - 00000000 ____D () C:\Users\marku_000\Documents\emWave
2015-01-28 20:34 - 2014-04-01 20:42 - 00000000 ____D () C:\Users\marku_000\Desktop\Fun
2015-01-26 20:26 - 2014-04-04 12:11 - 00000000 ____D () C:\Users\marku_000\Desktop\BYRON KATIE
==================== Files in the root of some directories =======
2014-03-27 00:13 - 2014-03-27 00:13 - 0000050 _____ () C:\Users\marku_000\AppData\Roaming\Camdata.ini
2014-03-27 00:13 - 2014-03-27 00:13 - 0000408 _____ () C:\Users\marku_000\AppData\Roaming\CamLayout.ini
2014-03-27 00:13 - 2014-03-27 00:13 - 0000408 _____ () C:\Users\marku_000\AppData\Roaming\CamShapes.ini
2014-03-26 21:46 - 2014-03-26 21:46 - 0004416 _____ () C:\Users\marku_000\AppData\Roaming\CamStudio.cfg
2013-09-21 19:55 - 2013-09-21 19:55 - 0028039 _____ () C:\Users\marku_000\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2013-09-21 19:53 - 2013-10-27 15:49 - 0012109 _____ () C:\Users\marku_000\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML
2014-10-25 15:43 - 2014-10-25 15:43 - 0003584 _____ () C:\Users\marku_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-26 19:42 - 2014-06-26 19:42 - 0001337 _____ () C:\Users\marku_000\AppData\Local\recently-used.xbel
2013-10-21 17:10 - 2013-10-21 17:10 - 4456448 _____ () C:\ProgramData\ClassicShellSetup64_3_6_8.msi
Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Markus\AppData\Local\Temp\AskSLib.dll
C:\Users\marku_000\AppData\Local\Temp\avgnt.exe
C:\Users\marku_000\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\marku_000\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\marku_000\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\marku_000\AppData\Local\Temp\install_flashplayer13x32au_mssd_aaa_aih.exe
C:\Users\marku_000\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\marku_000\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\marku_000\AppData\Local\Temp\UninstallerGer.dll
C:\Users\marku_000\AppData\Local\Temp\UninstallerIta.dll
C:\Users\marku_000\AppData\Local\Temp\WtgDriverInstallX.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 18:14
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by marku_000 at 2015-02-23 21:11:20
Running from C:\Users\marku_000\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{C23F43A3-327E-2969-52F2-89ED83D99F48}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Direct Stream Recorder (remove only) (HKLM-x32\...\Direct Stream Recorder) (Version: - )
Document Exporter for Internet Explorer (HKLM\...\{3AD18E95-983D-4EA5-BAED-07F092393657}) (Version: 2.0.24 - AssistMyTeam)
DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
emWave Pro (HKLM-x32\...\emWave Pro3.3.0.7385) (Version: 3.3.0.7385 - Heartmath Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Filmlexikon 2011 (HKLM-x32\...\InstallShield_{A57B2FA6-F6B7-43A1-B294-3E775F353ED1}) (Version: 1.00.0000 - USM)
Filmlexikon 2011 (x32 Version: 1.00.0000 - USM) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
GTS (HKLM-x32\...\{BFC587EC-E184-49F0-96B0-1658AE47F1D6}) (Version: 1.00.17 - vwd AG)
GTS (HKLM-x32\...\{D85BCA0B-9205-4C9F-A059-7F2FC77BC31F}) (Version: 1.00.17 - vwd AG)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.10.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\MyFreeCodec) (Version: - )
Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.207 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2821033868-2730095261-627831811-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\marku_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2821033868-2730095261-627831811-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\marku_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2821033868-2730095261-627831811-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\marku_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2821033868-2730095261-627831811-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\marku_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2821033868-2730095261-627831811-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\marku_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
11-02-2015 09:54:44 Windows Update
13-02-2015 14:16:47 TuneUp Utilities 2014 wird entfernt
22-02-2015 18:24:17 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2014-12-13 10:50 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1E3219E9-9B05-4DC6-97DF-D3BFA604CA61} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {642FD3ED-1163-4200-9BE8-2447A9C933FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A3E7193F-22D7-4B1E-B27A-BC2EFE7120C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {CCCA8EBD-A4DC-4937-BF1A-513F3FAE3F2E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {D392774B-45CB-4BF1-9F7E-D1F195DEAA8C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {F64E25B7-A980-462A-B394-2AAD54A6E590} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKUSPC-marku_000 MarkusPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {F7BEAEC7-626A-4D18-89AA-780BCFEE234F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2014-03-24 12:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-18 09:25 - 2014-06-18 09:25 - 00230240 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-04-19 12:08 - 2014-03-06 11:37 - 00013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2015-02-05 19:42 - 2013-04-15 17:40 - 00329872 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2012-09-04 23:19 - 2012-09-04 23:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-01-15 08:32 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-15 12:19 - 2014-11-15 12:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-12-24 16:41 - 2015-01-06 10:36 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-01-26 18:56 - 2015-01-26 18:56 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\marku_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\marku_000\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\marku_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2821033868-2730095261-627831811-1004\...\StartupApproved\Run: => "Speech Recognition"
==================== Accounts: =============================
Administrator (S-1-5-21-2821033868-2730095261-627831811-500 - Administrator - Disabled)
Gast (S-1-5-21-2821033868-2730095261-627831811-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2821033868-2730095261-627831811-1006 - Limited - Enabled)
marku_000 (S-1-5-21-2821033868-2730095261-627831811-1004 - Administrator - Enabled) => C:\Users\marku_000
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-02-13 19:34:01.543
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:34:01.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:34:01.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:15.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:15.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:15.261
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:14.164
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:14.010
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:13.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 19:33:13.641
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 27%
Total physical RAM: 8143.22 MB
Available physical RAM: 5903.38 MB
Total Pagefile: 9423.22 MB
Available Pagefile: 6714.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (TI31018700A) (Fixed) (Total:920.15 GB) (Free:792.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================