FRST.txt:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015
Ran by sandy (administrator) on SANDY-TOSHI on 04-03-2015 19:10:50
Running from C:\Users\sandy\Desktop
Loaded Profiles: sandy (Available profiles: sandy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-08-20] (Tablet Driver)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Run: [Google Update] => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-03] (Google Inc.)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB9BF943-36AC-46D3-B526-CAB3C8E8FBA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000 -> DefaultScope {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL =
SearchScopes: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000 -> {0E61CED6-8623-48AC-8FF6-B73BA19BAEE7} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000 -> {56D29AEA-DB7C-466D-86B2-25EE7D0A7D65} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468
FF DefaultSearchEngine: LEO Eng-Deu
FF SelectedSearchEngine: LEO Eng-Deu
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2990021915-2304927789-3911982604-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\sandy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2990021915-2304927789-3911982604-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2990021915-2304927789-3911982604-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube™ Flash® Player - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-02-02]
FF Extension: Photobucket Uploader - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\pbupload@photobucket.com.xpi [2014-06-03]
FF Extension: YesScript - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\yesscript@userstyles.org.xpi [2014-06-06]
FF Extension: NoScript - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\sandy\AppData\Roaming\Mozilla\Firefox\Profiles\j8twzhfc.default-1394097801468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08]
Chrome:
=======
CHR Profile: C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Minecraft Diamond Block) - C:\Users\sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgcgodlpmjclfncgiejflbkjigfhhkp [2014-12-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
S4 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [File not signed]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [277904 2014-01-09] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [228000 2014-01-09] (Protect Software GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-07] (Emsisoft GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 ALSysIO; \??\C:\Users\sandy\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-04 19:10 - 2015-03-04 19:12 - 00019080 _____ () C:\Users\sandy\Desktop\FRST.txt
2015-03-04 19:10 - 2015-03-04 19:10 - 00000000 ____D () C:\FRST
2015-03-04 19:03 - 2015-03-04 19:03 - 02093056 _____ (Farbar) C:\Users\sandy\Desktop\FRST64.exe
2015-03-04 19:02 - 2015-03-04 19:03 - 00000000 ____D () C:\Users\sandy\Desktop\MÖP
2015-03-04 17:45 - 2015-03-04 17:45 - 00003544 ____N () C:\bootsqm.dat
2015-03-04 10:05 - 2015-03-04 10:02 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 10:01 - 2015-03-04 10:01 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Avira
2015-03-04 09:59 - 2015-03-04 09:59 - 00002077 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-04 09:59 - 2015-03-04 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-04 09:58 - 2015-03-04 09:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 09:58 - 2015-02-25 17:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 09:58 - 2015-02-25 17:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-04 09:58 - 2015-02-25 17:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-04 09:07 - 2015-03-04 09:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 09:07 - 2015-03-04 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-04 09:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 09:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 09:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 22:15 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 22:15 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 22:15 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 22:15 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 14:49 - 2015-03-02 14:50 - 00000000 ___RD () C:\Users\sandy\Desktop\Bewerbung
2015-03-01 20:35 - 2015-03-01 20:35 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\JAM Software
2015-02-28 18:54 - 2015-02-28 18:54 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Opera
2015-02-27 13:22 - 2015-03-02 21:58 - 00000000 ___RD () C:\Users\sandy\Desktop\Portfolio
2015-02-26 13:26 - 2015-03-02 17:18 - 00000000 ___RD () C:\Users\sandy\Desktop\Scan
2015-02-26 13:10 - 2015-03-03 13:57 - 00000000 ___RD () C:\Users\sandy\Desktop\Project
2015-02-26 13:10 - 2015-02-26 13:10 - 00000000 ___RD () C:\Users\sandy\Desktop\Literature
2015-02-26 12:57 - 2015-03-02 21:57 - 00000000 ___RD () C:\Users\sandy\Desktop\ART
2015-02-26 12:45 - 2015-03-01 19:01 - 00000000 ___RD () C:\Users\sandy\Desktop\Fundus
2015-02-25 18:39 - 2015-02-25 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 10:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 10:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-16 20:18 - 2015-02-27 14:24 - 00000000 ___RD () C:\Users\sandy\Desktop\Musik
2015-02-12 10:57 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 10:57 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 10:57 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 10:57 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:49 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:49 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:49 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:49 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:49 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:49 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:49 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:49 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:49 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:49 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:49 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:49 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:49 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:49 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:49 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:49 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:49 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:49 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:49 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:49 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:49 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:49 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:49 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:49 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:49 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:49 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:49 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:49 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:49 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:49 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:49 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:49 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:49 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:49 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:49 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:49 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:49 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:49 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:49 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:49 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:49 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:49 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:49 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:49 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:49 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:49 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:49 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:49 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:49 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:49 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:49 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:49 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:45 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:45 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:45 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:45 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:45 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:45 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:45 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:45 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:45 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:45 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:44 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:44 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:44 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:44 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:40 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:40 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:40 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:40 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:40 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:40 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:40 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:40 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:40 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:40 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:40 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:40 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:40 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:40 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:40 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:40 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:40 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:40 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:40 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:40 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:40 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:40 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 09:39 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:39 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:39 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:39 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:39 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:37 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:37 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:37 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:37 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:37 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:37 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:37 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:37 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:37 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:36 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 11:53 - 2015-02-10 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace Lite
2015-02-09 10:58 - 2015-02-09 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CountdownTimer
2015-02-03 20:04 - 2015-02-03 20:04 - 00002096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-02-03 20:00 - 2015-02-03 20:00 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 5.0.lnk
2015-02-03 17:45 - 2015-02-03 17:45 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Thunderbird
2015-02-03 17:45 - 2015-02-03 17:45 - 00000000 ____D () C:\Users\sandy\AppData\Local\Thunderbird
2015-02-03 11:50 - 2015-03-03 10:03 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\TIPP10
2015-02-03 11:50 - 2015-02-03 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10
2015-02-03 11:50 - 2015-02-03 11:50 - 00000000 ____D () C:\Program Files (x86)\Tipp10
2015-02-03 08:49 - 2015-02-03 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-03 08:48 - 2015-02-03 08:49 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-03 08:48 - 2015-02-03 08:48 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-02 22:18 - 2015-02-11 23:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-02 11:01 - 2015-03-04 19:10 - 00000000 ____D () C:\Users\sandy\Desktop\temp
2015-02-02 10:01 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 10:01 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 10:01 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 10:01 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 10:01 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 10:01 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 10:01 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 10:01 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 10:01 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 10:01 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-04 19:09 - 2014-04-28 09:12 - 00000000 ___RD () C:\Users\sandy\Desktop\Download
2015-03-04 19:02 - 2014-11-08 18:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:52 - 2010-10-18 16:02 - 02030125 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 18:51 - 2014-06-25 11:23 - 00000000 ___RD () C:\Users\sandy\Desktop\Potpourri
2015-03-04 18:15 - 2014-07-03 08:12 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job
2015-03-04 17:55 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:55 - 2009-07-14 05:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 17:46 - 2009-07-14 05:51 - 00207444 _____ () C:\Windows\setupact.log
2015-03-04 16:03 - 2010-12-31 20:35 - 41389568 ___SH () C:\Users\sandy\Desktop\Thumbs.db
2015-03-04 16:00 - 2010-10-18 16:13 - 00889862 _____ () C:\Windows\PFRO.log
2015-03-04 14:37 - 2012-06-14 19:26 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job
2015-03-04 11:31 - 2014-05-26 15:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1295CCAB-3554-4985-B317-5FB7B1201FBA}
2015-03-04 09:58 - 2013-08-01 09:48 - 00000000 ____D () C:\ProgramData\Avira
2015-03-04 09:15 - 2014-07-03 08:12 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job
2015-03-04 05:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 17:37 - 2012-06-14 19:26 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job
2015-03-03 15:12 - 2010-12-24 20:05 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-03-03 15:12 - 2010-12-24 20:05 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\CorelHomeOffice
2015-03-03 14:45 - 2013-02-08 23:45 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\Skype
2015-03-02 14:37 - 2009-07-14 18:58 - 00788626 _____ () C:\Windows\system32\perfh007.dat
2015-03-02 14:37 - 2009-07-14 18:58 - 00182438 _____ () C:\Windows\system32\perfc007.dat
2015-03-02 14:37 - 2009-07-14 06:13 - 01846800 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 10:19 - 2012-12-26 13:53 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-01 15:52 - 2011-01-04 19:03 - 00000000 ____D () C:\Users\sandy\AppData\Local\Paint.NET
2015-03-01 11:29 - 2013-10-25 16:30 - 00000000 ___RD () C:\Users\sandy\Desktop\Programme
2015-02-28 18:54 - 2010-12-24 19:33 - 00000000 ____D () C:\Users\sandy\AppData\Local\VirtualStore
2015-02-26 06:39 - 2012-10-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 20:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-24 11:01 - 2012-01-08 15:15 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\.minecraft
2015-02-24 10:09 - 2014-03-03 00:22 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library
2015-02-21 21:38 - 2014-02-04 19:02 - 00000000 ___RD () C:\Users\sandy\Dropbox
2015-02-12 08:51 - 2009-07-14 05:45 - 00299472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:35 - 2014-05-06 23:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 10:18 - 2014-04-08 23:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 10:03 - 2014-04-08 23:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 11:56 - 2014-11-08 19:20 - 00003011 _____ () C:\Windows\SecuniaPackage.log
2015-02-05 10:02 - 2014-11-08 18:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 10:02 - 2014-11-08 18:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 10:02 - 2014-11-08 18:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 09:10 - 2014-07-03 08:12 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA
2015-02-05 09:10 - 2014-07-03 08:12 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core
2015-02-04 13:46 - 2010-12-27 13:39 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\xVideoServiceThief
2015-02-03 22:44 - 2014-11-11 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-03 22:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-03 20:04 - 2010-12-24 19:34 - 00071736 _____ () C:\Users\sandy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 20:04 - 2010-08-31 17:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-03 19:57 - 2010-12-24 22:59 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-02-03 08:49 - 2012-06-03 13:05 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\DVDVideoSoft
2015-02-03 08:04 - 2012-10-07 18:36 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 22:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-02 19:16 - 2011-05-21 20:40 - 00000000 ____D () C:\Users\sandy\AppData\Roaming\SoftGrid Client
==================== Files in the root of some directories =======
2013-01-06 10:38 - 2013-01-06 10:38 - 0036035 _____ () C:\Users\sandy\AppData\Roaming\fotobuch-cache7.xml
2013-01-06 10:38 - 2013-01-06 10:38 - 0389336 _____ () C:\Users\sandy\AppData\Roaming\fotobuch-tcache.xml
2013-01-06 10:38 - 2013-01-06 10:39 - 0001410 _____ () C:\Users\sandy\AppData\Roaming\fotobuch.xml
2013-07-27 23:23 - 2014-11-06 11:47 - 0000129 _____ () C:\Users\sandy\AppData\Roaming\WB.CFG
2013-06-16 11:24 - 2013-06-16 11:24 - 0000005 _____ () C:\Users\sandy\AppData\Roaming\WBPU-Q-TTL.DAT
2013-06-17 07:23 - 2013-06-22 09:31 - 0000005 _____ () C:\Users\sandy\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-16 11:24 - 2014-01-26 08:31 - 0000005 _____ () C:\Users\sandy\AppData\Roaming\WBPU-TTL.DAT
2013-03-26 19:37 - 2013-03-26 19:37 - 0003584 _____ () C:\Users\sandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-27 23:14 - 2010-12-27 23:14 - 0007605 _____ () C:\Users\sandy\AppData\Local\Resmon.ResmonCfg
2008-05-23 16:48 - 2008-05-23 16:48 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-06-23 12:02 - 2008-06-23 12:02 - 0097410 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-28 14:50 - 2010-12-30 11:27 - 0000541 _____ () C:\ProgramData\hpzinstall.log
2010-12-24 20:05 - 2015-03-03 15:12 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
Some content of TEMP:
====================
C:\Users\sandy\AppData\Local\Temp\avgnt.exe
C:\Users\sandy\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-31 18:05
==================== End Of Log ============================
--- --- ---
--- --- ---
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015
Ran by sandy at 2015-03-04 19:13:13
Running from C:\Users\sandy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
ATI Catalyst Install Manager (HKLM\...\{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - )
ccc-core-static (x32 Version: 2010.0727.2126.36625 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Home Office - IPM (x32 Version: 5.4 - Corel Corporation) Hidden
Corel Home Office - Launcher (x32 Version: 5.4 - Corel Corporation) Hidden
Corel Home Office - Templates1 (x32 Version: 5.4 - Your Company Name) Hidden
Corel Home Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version: - Corel Corporation)
Corel Home Office (x32 Version: 5.4 - Corel Corporation) Hidden
CountdownTimer (HKLM-x32\...\{9F6FD613-2AE7-4C66-88E8-C54223367573}) (Version: 1.0.5 - Engineforce)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.0.1.115) (Version: 1.0.1.115 - DAZ 3D)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Firebird 2.1.1.17910 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.1.17910 - Firebird Project)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
hp deskjet 5550 series (nur entfernen) (HKLM-x32\...\hp deskjet 5550 series) (Version: - )
hp print screen utility (HKLM-x32\...\hp print screen utility) (Version: - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Might and Magic® VI (HKLM-x32\...\Might and Magic® VI) (Version: - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTube BigPack Internet Recorder 3 (HKLM-x32\...\{E37AC1FF-03EE-4AE3-0001-E55B0BCCABE0}) (Version: 3.0.9.903 - S.A.D.)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RPG MAKER VX Ace Lite (HKLM-x32\...\RPGVXAceLite_E_is1) (Version: 1.01b - Enterbrain)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StuntRally (HKLM-x32\...\StuntRally) (Version: 1.1 - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version: - )
Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version: - )
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.10C - Ihr Firmenname)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
upapp (HKLM-x32\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sandy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2990021915-2304927789-3911982604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
08-11-2014 18:46:45 Ende der Bereinigung
08-11-2014 20:01:47 avast! antivirus system restore point
08-11-2014 21:03:39 avast! antivirus system restore point
08-11-2014 21:51:30 Removed Jables Adventure.
13-11-2014 10:00:23 Windows Update
20-11-2014 10:00:20 Windows Update
03-12-2014 11:15:48 Installed CLIP STUDIO PAINT
03-12-2014 14:21:48 Adobe Photoshop Elements 5.0 wird installiert
31-01-2015 18:13:05 Geplanter Prüfpunkt
01-02-2015 10:00:21 Windows Update
02-02-2015 10:00:26 Windows Update
03-02-2015 10:00:19 Windows Update
03-02-2015 19:56:56 Adobe Photoshop Elements 5.0 wird installiert
04-02-2015 10:00:18 Windows Update
09-02-2015 10:57:23 Installed CountdownTimer
11-02-2015 10:00:36 Windows Update
12-02-2015 22:56:01 Windows Update
25-02-2015 10:00:22 Windows Update
01-03-2015 11:27:46 Removed xVideoServiceThief
03-03-2015 23:13:42 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-05 16:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02878DEA-46AA-42FA-A5BB-5A62089A3615} - System32\Tasks\{0EB315D0-ACB5-4115-9F00-DAF2DE266E5F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {143498AB-4AAF-4D75-ADE4-B119DDE5B97D} - System32\Tasks\{60948FDD-FF8B-4A1A-9862-58745CDA102A} => D:\Vampire - The Masquerade Bloodlines\vampire.exe
Task: {15E172F0-C203-4191-910C-97D5D00D97AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {19DD82D1-3259-4E43-878B-25AF9D0DF632} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {1EE63007-6720-440B-B709-AA3DAE08E5DD} - System32\Tasks\{CB2921A1-7AA3-476F-A89C-6A556BBD567C} => pcalua.exe -a C:\Users\sandy\Desktop\Programme\OpenOfficePortable\OpenOfficeWriterPortable.exe -d C:\Users\sandy\Desktop\Programme\OpenOfficePortable
Task: {20B677DB-1A9D-43BC-9F81-375098987377} - System32\Tasks\{6E444F10-3212-45B4-8FB9-51352589F805} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {23A95DAA-AA68-4AFE-90CA-A9919EF02C38} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {3843AAC9-C990-4D1E-8DA1-BF0AE1CB2F58} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {414B773E-17B3-4568-BDF0-1CDE12FA4DC8} - System32\Tasks\{085C1A24-7BDF-4249-964E-5311A1988616} => E:\Support\AutoRun\AutoRun.exe
Task: {419C01D0-8721-4BFC-A3C6-22FA6103C99A} - System32\Tasks\{8DBF4F57-4509-42F1-868F-09BC8C3B7CC0} => D:\Vampire - The Masquerade Bloodlines\vampire.exe
Task: {4BE7C574-8626-46EB-83BC-31373DD16CD1} - System32\Tasks\{FE765164-514A-4DDE-89B2-CE92A2FFED6B} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {50390407-81D3-4AE7-A7F1-E546FC3C037E} - System32\Tasks\{A053FF43-97E0-45CB-A291-BA48E29D7870} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/de/abandoninstall?page=tsProgressBar
Task: {50897587-2D3C-4460-BF2A-1321A7233EE0} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {5FC924F4-9561-46FA-B32C-B62EFAEAEE2E} - System32\Tasks\{F5E0BD3C-E951-40C8-BADA-C37072759FD4} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}"
Task: {77AEA1FD-14A8-4AD5-BCF6-EB869F742516} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {7947ADEF-3239-46E2-9148-23C6AD88BCC8} - System32\Tasks\{1CA0A19C-0578-4CC3-B3A6-F65048112E3E} => pcalua.exe -a C:\Users\sandy\Desktop\Programme\OpenOfficePortable\OpenOfficeCalcPortable.exe -d C:\Users\sandy\Desktop\Programme\OpenOfficePortable
Task: {7952071B-D277-4E12-8A50-F106B91F5D9B} - System32\Tasks\Tomb Raider - Underworld => C:\Program Files (x86)\Eidos\Tomb Raider - Underworld\TRU.exe
Task: {7B10BED2-E3A5-48D8-A8EA-4ECF989CE4E9} - System32\Tasks\{F54398D5-7EBA-4516-A009-97E3BB0F60B5} => C:\Program Files (x86)\Activision\Vampire - Bloodlines\vampire.exe
Task: {7FA4C4DD-C221-4B36-A83F-E7A4DF74335E} - System32\Tasks\{45C8487D-074A-42F5-8A1B-5B9882F60799} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=12002
Task: {9077F692-060B-42D0-BAAC-EA0526F726B2} - System32\Tasks\{151C426D-286B-3F19-3471-A60076084118} => C:\Users\sandy\AppData\Roaming\adobe\acrobat\9.0\collab\rvystmw.exe
Task: {9A65F8B5-DDAA-4615-9334-B99CF0C990D0} - System32\Tasks\{912ED8E0-2B36-4EAE-958C-0D89A02DC18F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2.exe
Task: {9C7F1901-57CD-47C0-807C-8D3BB1F5802A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-03] (Google Inc.)
Task: {A51265C1-4C7B-4F2D-9980-DC8627211BD6} - System32\Tasks\{5A86E3CE-0782-411A-87AB-A4A4AD3D4C06} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {A8A210BA-B958-47FF-BD8F-C07CA32658E1} - System32\Tasks\{16E8E79F-514A-4585-BB09-4787CFCC0BBD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/abandoninstall?page=tsMain
Task: {BB592FE7-09E8-4821-9556-C2737EB0F66D} - System32\Tasks\{FA25E002-9A37-4A7C-A03E-1304619F0EA4} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {C868513B-4C2C-4AD4-902B-685A0E8C6678} - System32\Tasks\{80748112-1ED5-45D3-A7AF-17DA2207CAAA} => pcalua.exe -a "D:\Fotopuzzle\Mein Foto-Puzzle.exe" -d D:\Fotopuzzle
Task: {E56CCA65-6B73-45CE-AD13-F44A900CFE95} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E976C66F-634D-4E2E-ABB3-40465F3E2D27} - System32\Tasks\{5A7A36FD-FF41-41A2-AEEC-A53AD2D7C8C1} => pcalua.exe -a "C:\Users\sandy\Desktop\Programme ^-^\OpenOfficePortable\OpenOfficeBasePortable.exe" -d "C:\Users\sandy\Desktop\Programme ^-^\OpenOfficePortable"
Task: {F253352F-30D6-4174-A96B-8792580909A1} - System32\Tasks\{260E29CD-D312-414C-8752-8C24BF06633F} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: {F75E59C6-7854-4E16-90B6-23DD5BDC6F59} - System32\Tasks\{62253F11-B7C4-40FF-9B51-07C2B4C5C9DD} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F7F548A4-8125-401E-B8FA-6142C4EB4A47} - System32\Tasks\{CB67930E-5AF4-472C-B754-B80A828A6F13} => D:\Bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000Core.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990021915-2304927789-3911982604-1000UA.job => C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2012-12-26 13:53 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-08-31 17:31 - 2010-08-31 14:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 15:38 - 2009-07-25 15:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-27 20:25 - 2010-07-27 20:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-09-11 18:10 - 2009-09-11 18:10 - 00266752 _____ () C:\Windows\system32\WinTab32.DLL
2009-09-11 18:10 - 2009-09-11 18:10 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2015-02-03 08:04 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2990021915-2304927789-3911982604-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sandy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^sandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Facebook Update => "C:\Users\sandy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\sandy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: WidgetAlarm => C:\Program Files (x86)\e-load\Tiefpreisalarm\Tiefpreisalarm.exe
==================== Accounts: =============================
Administrator (S-1-5-21-2990021915-2304927789-3911982604-500 - Administrator - Disabled)
Gast (S-1-5-21-2990021915-2304927789-3911982604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2990021915-2304927789-3911982604-1002 - Limited - Enabled)
sandy (S-1-5-21-2990021915-2304927789-3911982604-1000 - Administrator - Enabled) => C:\Users\sandy
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2015 05:39:43 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (03/03/2015 05:40:41 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/02/2015 08:15:39 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (03/01/2015 08:28:15 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 08:39:20 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/26/2015 06:41:52 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/23/2015 07:50:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.
Error: (02/22/2015 11:40:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/22/2015 08:39:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (02/22/2015 08:11:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
System errors:
=============
Error: (03/04/2015 04:07:35 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.
Error: (03/04/2015 04:07:29 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.
Error: (03/04/2015 04:07:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "WINDOWS" den Befehl "chkdsk" aus.
Error: (03/04/2015 04:02:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (03/04/2015 04:02:07 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{87690C63-67B0-4F14-AD02-05A74B7892BF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/04/2015 03:12:30 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{87690C63-67B0-4F14-AD02-05A74B7892BF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/04/2015 09:33:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Error: (03/04/2015 09:04:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Error: (03/04/2015 09:03:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Error: (03/04/2015 09:02:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.
Microsoft Office Sessions:
=========================
Error: (03/04/2015 05:39:43 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (03/03/2015 05:40:41 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (03/02/2015 08:15:39 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (03/01/2015 08:28:15 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 08:39:20 PM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/26/2015 06:41:52 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/23/2015 07:50:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.
Error: (02/22/2015 11:40:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request ret
Error: (02/22/2015 08:39:14 AM) (Source: Google Update) (EventID: 20) (User: sandy-toshi)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (02/22/2015 08:11:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
CodeIntegrity Errors:
===================================
Date: 2014-11-05 16:13:41.087
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-05 16:13:39.948
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II P340 Dual-Core Processor
Percentage of memory in use: 49%
Total physical RAM: 3835.69 MB
Available physical RAM: 1950.34 MB
Total Pagefile: 7669.57 MB
Available Pagefile: 5425.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:23.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:120.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40FECE23)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit