Windows8: Werbelinks im Text auf diversen Internetseiten

Kaint · 17.03.2014, 13:29

Hallo,

Ich hoffe mal ich bin hier richtig und man kann mir weiter helfen. Danke schonmal im voraus für alle die sich Zeit zum Lesen nehmen.
Ich kann leider nicht genau sagen wie lange das Problem bereits besteht, da es bisher nur auf wenigen Seiten aufgetreten ist und ich diese nicht oft besucht habe (zB tumblr)
Auf diesen Seiten werden einige wenig Wörter unterstrichen und ein grüner Kreis ist neben diesen zu sehen. Wenn man mit der Maus darüber fährt öffnet sich entweder ein kleines Feld, indem steht „Click to Continue > by Text-Enhance“ oder ein kleines Feld in dem Werbung angezeigt wird. Wenn gewünscht kann ich einen Screenshot nachreichen. (EDIT: Ich nutze den Browser Firefox, falls das wichtig ist)
Ich habe bereits überprüft, ob es sich um ein versehentlich installiertes Addon oder Programm handelt, konnte aber nicht finden und habe nun im Internet gelesen, dass es sich scheinbar um Adware handelt. Damit kann ich leider wenig anfangen. Mein Virenprogramm (AVG) und ein weiteres Programm (Emisoft Emergency Kit), dass vorgeschlagen wurde zur Überprüfung runterzuladen konnten nichts finden. Das erscheint mir doch etwas seltsam.

Wie vorgegeben habe ich die Scans (siehe Logfiles) laufen lassen. Beim letzten Scan (Gmer) kam zweimal die Fehlermeldung am Ende: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird“ Darüber stand einmal C:\WINDOWS\system32\config\sytem und einmal C:\Users\Miri\ntuser.dat
Ich hatte aber wie angegeben alle Programme beendet und Internet und Virenscanner ausgeschaltet.

Ich hoffe mir kann hier weitergeholfen werden, auch wenn ich nicht sehr viele Angaben machen konnte.

Vielen Dank

Kaint

cosinus · 17.03.2014, 16:42

Hi,

Logs bitte nicht in den Anhang

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Kaint · 17.03.2014, 18:02

Entschuldigung. Das habe ich nach dem ganzen Scannen wieder vergessen. Tut mir leid für die Umstände und danke fürs drauf hin weisen. Hier dann die Logfiles hoffentlich richtig.
Hab jetzt jedes File in einen Extra Code

deflogger_disable:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:40 on 17/03/2014 (Miri)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Miri (administrator) on WINGDING on 17-03-2014 12:45:21
Running from C:\Users\Miri\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" /run:"C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [Spotify Web Helper] - C:\Users\Miri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-04] (Spotify Ltd)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [LMab1err] - C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Miri\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=b4bdcd7fad7047d29d21a11d94fc8cce-6768baf0004c30faa8e78a910e0afa985fce73b6 /CMPID=1213b
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = 
SearchScopes: HKCU - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default
FF user.js: detected! => C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\user.js
FF Homepage: about:home
FF NetworkProxy: "ftp", "213.133.141.197"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "213.133.141.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "213.133.141.197"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "213.133.141.197"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Premiumize.me - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-01-07]
FF Extension: Stealthy - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\stealthyextension@gmail.com.xpi [2013-01-22]
FF Extension: NoScript - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-03]
FF Extension: Adblock Plus - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S4 gzserv; "C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe" /service [X]

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-20] (Emsisoft GmbH)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\EEK\RUN\cleanhlp64.sys [57024 2014-03-15] (Emsisoft GmbH)
S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2014-01-23] ()
S4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-04] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 12:45 - 2014-03-17 12:45 - 00017843 _____ () C:\Users\Miri\Desktop\FRST.txt
2014-03-17 12:45 - 2014-03-17 12:45 - 00000000 ____D () C:\FRST
2014-03-17 12:40 - 2014-03-17 12:40 - 00000470 _____ () C:\Users\Miri\Desktop\defogger_disable.log
2014-03-17 12:40 - 2014-03-17 12:40 - 00000000 _____ () C:\Users\Miri\defogger_reenable
2014-03-17 12:38 - 2014-03-17 12:38 - 00015500 _____ () C:\Users\Miri\Documents\trojanerboard.odt
2014-03-17 12:35 - 2014-03-17 12:35 - 00380416 _____ () C:\Users\Miri\Desktop\Gmer-19357.exe
2014-03-17 12:34 - 2014-03-17 12:34 - 02157056 _____ (Farbar) C:\Users\Miri\Desktop\FRST64.exe
2014-03-17 12:33 - 2014-03-17 12:33 - 00050477 _____ () C:\Users\Miri\Desktop\Defogger.exe
2014-03-15 13:20 - 2014-03-15 13:20 - 00010250 _____ () C:\EamClean.log
2014-03-15 10:30 - 2014-03-15 10:30 - 00000000 ____D () C:\Users\Miri\AppData\Local\Skype
2014-03-15 10:29 - 2014-03-15 10:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 13:59 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 13:59 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 13:59 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 11:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 11:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 11:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 11:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 11:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 11:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 11:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 11:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 11:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 11:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 11:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 11:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 11:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 11:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 11:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 11:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 11:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 11:41 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 11:41 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 11:41 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 11:41 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 11:41 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 11:40 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 11:40 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 11:40 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 11:40 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 11:40 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 11:40 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 11:40 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 11:40 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 11:40 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 11:40 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 11:40 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 11:40 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 11:40 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 11:40 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 11:40 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 11:40 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 11:40 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 11:40 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 11:40 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 11:40 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 11:40 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 11:40 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 11:40 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 11:40 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 11:40 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 11:40 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 11:40 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 11:40 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 11:40 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 11:40 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 11:40 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 11:40 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-11 19:25 - 2014-03-11 19:25 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-08 00:18 - 2014-01-23 04:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-03-08 00:18 - 2014-01-23 04:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-03-08 00:14 - 2014-01-23 10:22 - 00233472 _____ (Teruten) C:\WINDOWS\SysWOW64\FsUsbExService.Exe
2014-03-08 00:14 - 2014-01-23 10:22 - 00037344 _____ () C:\WINDOWS\SysWOW64\FsUsbExDisk.Sys
2014-03-08 00:14 - 2012-12-18 10:08 - 00110592 _____ () C:\WINDOWS\SysWOW64\FsUsbExDevice.Dll
2014-03-08 00:12 - 2014-03-08 00:12 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-08 00:11 - 2014-03-08 00:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-06 23:00 - 2014-03-06 23:00 - 00017475 _____ () C:\WINDOWS\DirectX.log
2014-03-06 23:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\Users\Miri\Documents\My Games
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\ProgramData\Steam
2014-03-06 22:35 - 2014-03-06 22:35 - 00002291 _____ () C:\Users\Miri\Desktop\South Park Der Stab der Wahrheit.lnk
2014-03-06 22:32 - 2014-03-06 22:35 - 00000000 ____D () C:\Program Files (x86)\South Park Der Stab der Wahrheit
2014-03-05 16:11 - 2014-03-05 16:11 - 00019722 _____ () C:\Users\Miri\Documents\fazit.odt
2014-03-03 15:46 - 2014-03-03 15:46 - 00021840 _____ () C:\WINDOWS\SysWOW64\SIntfNT.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00017212 _____ () C:\WINDOWS\SysWOW64\SIntf32.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00012067 _____ () C:\WINDOWS\SysWOW64\SIntf16.dll
2014-03-03 15:45 - 2014-03-03 15:45 - 00003034 _____ () C:\WINDOWS\System32\Tasks\{9B765944-D9BC-44F5-AE9B-B3ADE531A5F6}
2014-03-03 15:36 - 2014-03-03 15:36 - 00001660 _____ () C:\Users\Public\Desktop\Empire Earth.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000224 _____ () C:\WINDOWS\SIERRA.INI
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Sierra
2014-03-02 22:04 - 2014-03-02 22:04 - 01630353 _____ () C:\Users\Miri\Documents\casta.wma
2014-03-01 15:56 - 2014-03-01 21:27 - 00000000 ____D () C:\Users\Miri\Downloads\Conan
2014-02-28 14:14 - 2014-02-28 14:25 - 00000000 ____D () C:\Users\Miri\Downloads\cutmp
2014-02-28 14:14 - 2014-02-28 14:14 - 00000896 _____ () C:\Users\Miri\Desktop\mp3DirectCut.lnk
2014-02-28 14:13 - 2014-02-28 14:13 - 00300850 _____ () C:\Users\Miri\Downloads\mp3DC219.exe
2014-02-26 20:43 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\sMedio
2014-02-16 12:42 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 12:42 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 12:42 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 12:42 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 12:42 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 12:42 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 12:42 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 12:42 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 12:42 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 12:42 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 12:42 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 12:42 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 12:42 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 12:42 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 12:42 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 12:42 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 12:42 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 12:42 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 12:42 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 12:42 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 12:42 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 12:42 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 12:42 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 12:42 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 12:42 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 12:42 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 12:42 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 12:42 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 12:42 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 12:42 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 12:42 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 12:42 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 12:42 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 12:42 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 12:42 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 12:42 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 12:42 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 12:42 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 12:42 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 12:42 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 12:42 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 12:42 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 12:42 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 12:42 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 12:42 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 12:42 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-15 14:13 - 2014-02-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 12:45 - 2014-03-17 12:45 - 00017843 _____ () C:\Users\Miri\Desktop\FRST.txt
2014-03-17 12:45 - 2014-03-17 12:45 - 00000000 ____D () C:\FRST
2014-03-17 12:40 - 2014-03-17 12:40 - 00000470 _____ () C:\Users\Miri\Desktop\defogger_disable.log
2014-03-17 12:40 - 2014-03-17 12:40 - 00000000 _____ () C:\Users\Miri\defogger_reenable
2014-03-17 12:40 - 2013-12-04 12:50 - 00000000 ____D () C:\Users\Miri
2014-03-17 12:40 - 2013-03-17 11:26 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Skype
2014-03-17 12:39 - 2013-12-19 20:20 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5D406B9-606A-4A21-9A79-149A166845F4}
2014-03-17 12:38 - 2014-03-17 12:38 - 00015500 _____ () C:\Users\Miri\Documents\trojanerboard.odt
2014-03-17 12:38 - 2014-02-03 12:18 - 01562860 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 12:35 - 2014-03-17 12:35 - 00380416 _____ () C:\Users\Miri\Desktop\Gmer-19357.exe
2014-03-17 12:35 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-17 12:35 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-17 12:35 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-17 12:34 - 2014-03-17 12:34 - 02157056 _____ (Farbar) C:\Users\Miri\Desktop\FRST64.exe
2014-03-17 12:33 - 2014-03-17 12:33 - 00050477 _____ () C:\Users\Miri\Desktop\Defogger.exe
2014-03-17 12:26 - 2014-01-12 11:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-17 12:25 - 2013-04-21 17:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-17 12:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-16 23:14 - 2012-12-03 23:16 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Spotify
2014-03-16 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-15 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-15 13:31 - 2012-12-03 11:32 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1659703965-2282130268-2058980726-1001
2014-03-15 13:21 - 2014-02-12 14:20 - 00005801 _____ () C:\WINDOWS\setupact.log
2014-03-15 13:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-15 13:20 - 2014-03-15 13:20 - 00010250 _____ () C:\EamClean.log
2014-03-15 13:20 - 2014-02-13 00:15 - 00006644 _____ () C:\WINDOWS\PFRO.log
2014-03-15 13:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-15 10:30 - 2014-03-15 10:30 - 00000000 ____D () C:\Users\Miri\AppData\Local\Skype
2014-03-15 10:30 - 2013-03-17 11:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 10:29 - 2014-03-15 10:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 10:27 - 2013-08-22 15:44 - 00400800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 00:36 - 2013-02-24 01:03 - 00016110 _____ () C:\Users\Miri\Documents\weblogyoutube.odt
2014-03-13 22:36 - 2012-12-03 23:16 - 00000000 ____D () C:\Users\Miri\AppData\Local\Spotify
2014-03-13 21:38 - 2013-11-26 18:31 - 00000000 ____D () C:\Users\Miri\AppData\Local\PMB Files
2014-03-13 21:38 - 2013-11-26 18:31 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-01-12 11:13 - 00001008 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-11 19:25 - 2014-03-11 19:25 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 19:25 - 2013-04-21 17:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 19:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-08 20:57 - 2013-01-12 10:43 - 00000000 ____D () C:\Users\Miri\Documents\ao3
2014-03-08 00:32 - 2012-12-03 12:15 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\vlc
2014-03-08 00:30 - 2013-02-03 12:30 - 00000000 ____D () C:\Users\Miri\Documents\SelfMV
2014-03-08 00:17 - 2013-12-04 12:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-03-08 00:12 - 2014-03-08 00:12 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-08 00:11 - 2014-03-08 00:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-06 23:00 - 2014-03-06 23:00 - 00017475 _____ () C:\WINDOWS\DirectX.log
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\Users\Miri\Documents\My Games
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\ProgramData\Steam
2014-03-06 22:35 - 2014-03-06 22:35 - 00002291 _____ () C:\Users\Miri\Desktop\South Park Der Stab der Wahrheit.lnk
2014-03-06 22:35 - 2014-03-06 22:32 - 00000000 ____D () C:\Program Files (x86)\South Park Der Stab der Wahrheit
2014-03-06 02:23 - 2013-12-26 14:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-05 16:11 - 2014-03-05 16:11 - 00019722 _____ () C:\Users\Miri\Documents\fazit.odt
2014-03-04 23:53 - 2013-12-12 17:44 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-12-12 17:44 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 15:46 - 2014-03-03 15:46 - 00021840 _____ () C:\WINDOWS\SysWOW64\SIntfNT.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00017212 _____ () C:\WINDOWS\SysWOW64\SIntf32.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00012067 _____ () C:\WINDOWS\SysWOW64\SIntf16.dll
2014-03-03 15:45 - 2014-03-03 15:45 - 00003034 _____ () C:\WINDOWS\System32\Tasks\{9B765944-D9BC-44F5-AE9B-B3ADE531A5F6}
2014-03-03 15:36 - 2014-03-03 15:36 - 00001660 _____ () C:\Users\Public\Desktop\Empire Earth.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000224 _____ () C:\WINDOWS\SIERRA.INI
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Sierra
2014-03-03 15:33 - 2012-09-10 21:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 22:04 - 2014-03-02 22:04 - 01630353 _____ () C:\Users\Miri\Documents\casta.wma
2014-03-01 21:27 - 2014-03-01 15:56 - 00000000 ____D () C:\Users\Miri\Downloads\Conan
2014-03-01 07:05 - 2014-03-12 11:41 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 11:41 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 11:41 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 11:41 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 11:41 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 11:41 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 11:41 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 11:41 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 11:41 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 11:41 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 11:41 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 11:41 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 11:41 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 11:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 11:41 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 11:41 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 11:41 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 14:48 - 2012-12-03 20:26 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\dvdcss
2014-02-28 14:25 - 2014-02-28 14:14 - 00000000 ____D () C:\Users\Miri\Downloads\cutmp
2014-02-28 14:14 - 2014-02-28 14:14 - 00000896 _____ () C:\Users\Miri\Desktop\mp3DirectCut.lnk
2014-02-28 14:13 - 2014-02-28 14:13 - 00300850 _____ () C:\Users\Miri\Downloads\mp3DC219.exe
2014-02-26 21:28 - 2013-09-12 19:26 - 00000000 ____D () C:\Users\Miri\Documents\Neuer Ordner
2014-02-26 20:43 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\sMedio
2014-02-17 16:18 - 2012-12-03 11:26 - 00000000 ___RD () C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 16:18 - 2012-12-03 11:26 - 00000000 ___RD () C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 16:09 - 2012-12-03 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 16:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-16 13:04 - 2013-08-15 23:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 13:02 - 2012-12-12 12:32 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-15 14:13 - 2014-02-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Miri\AppData\Roaming\CamLayout.ini
C:\Users\Miri\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 11:40] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-15 13:31

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Miri at 2014-03-17 12:45:59
Running from C:\Users\Miri\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{5FD4B351-1567-426F-AEB4-08F41E3FA6C5}) (Version: 0.9.31 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.5 - Fomanu AG)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
ISOBuddy (HKLM-x32\...\ISOBuddy) (Version:  - )
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lexmark S310 Series Deinstallationsprogamm (HKLM\...\Lexmark S310 Series) (Version:  - Lexmark International, Inc.)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nero BackItUp (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.12600 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14800.0.48 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17600.2.3 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.14001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.16800 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.1000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.7002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

28-02-2014 17:13:37 Geplanter Prüfpunkt
03-03-2014 14:32:34 Installiert Empire Earth
06-03-2014 21:58:27 DirectX wurde installiert
14-03-2014 18:18:25 Windows Update

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {009BADEE-9088-47E6-BA90-87B717A871DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {407623CB-7CC1-436A-8B31-C36B9ACFDD39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {66E62ACD-3729-4601-923C-80A7A03572C0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC2B4F12-B0FE-4020-8277-CEF6BC72BF7B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {EF480173-AF48-44F1-B4A9-4C1247D4F06B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 22:38 - 2011-10-13 22:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-03-20 12:47 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 08:11 - 2012-07-31 08:11 - 00024576 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2014-03-07 15:46 - 2014-03-07 15:46 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll
2014-03-07 15:47 - 2014-03-07 15:47 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\351e47290edcd65f27c75470c1ea6cd2\Windows.Data.ni.dll
2014-02-14 11:20 - 2014-02-14 11:20 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-27 15:48 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-03-20 12:47 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S310 Series\lmabdrs.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2014-02-15 14:13 - 2014-02-15 14:13 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Miri\Downloads\avg_free_x64_all_2014_4259a6848.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\avira_free_antivirus_de.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\FreeYouTubeDownload.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\FreeYouTubeToMP3Converter.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484

Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484

Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4078

Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4078

Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2812

Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2812

Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2014 09:29:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453


System errors:
=============
Error: (03/17/2014 00:22:15 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484

Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484

Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4078

Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4078

Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2812

Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2812

Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2014 09:29:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453


CodeIntegrity Errors:
===================================
  Date: 2014-03-08 00:15:00.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:58.097
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:54.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:51.964
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:49.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3977.22 MB
Available physical RAM: 2486.32 MB
Total Pagefile: 5129.22 MB
Available Pagefile: 3272.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (TI30992300A) (Fixed) (Total:454.95 GB) (Free:333.83 GB) NTFS
Drive d: (Airy Aster) (Fixed) (Total:931.51 GB) (Free:289.82 GB) NTFS
Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5567C182)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-17 13:11:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD050 rev.AX003M 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Miri\AppData\Local\Temp\pxriqpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506              00007ffbfaf2169a 4 bytes [F2, FA, FB, 7F]
.text   C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514              00007ffbfaf216a2 4 bytes [F2, FA, FB, 7F]
.text   C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                 00007ffbfaf2181a 4 bytes [F2, FA, FB, 7F]
.text   C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                 00007ffbfaf21832 4 bytes [F2, FA, FB, 7F]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[4976] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffbdf8e1f6a 4 bytes [8E, DF, FB, 7F]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[4976] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffbdf8e1f82 4 bytes [8E, DF, FB, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [936:960]                                                                    fffff960008f64d0
Thread  C:\WINDOWS\system32\svchost.exe [1540:3020]                                                                00007ffbf1e31584
Thread  C:\WINDOWS\system32\svchost.exe [1540:3048]                                                                00007ffbf1a91b30
Thread  C:\WINDOWS\system32\svchost.exe [1540:3300]                                                                00007ffbf1574608

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

cosinus · 17.03.2014, 18:04

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Kaint · 17.03.2014, 19:25

Das Programm sagt, dass kein Cleanup nötig sei. Hier die Log Datei.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.17.06

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Miri :: WINGDING [administrator]

17.03.2014 18:29:15
mbar-log-2014-03-17 (18-29-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 248875
Time elapsed: 49 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 17.03.2014, 19:27

Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes Anti-Malware

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

2. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Kaint · 17.03.2014, 20:22

Hier das Logfile von Punkt 1. Ich muss neu starten und war mit nicht sicher ob ich alle Logs gemeinsam posten soll oder immer direkt wenn ich mit einem Scan fertig bin. Ich mache es jetzt einfach in getrennten Antworten.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.17.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Miri :: WINGDING [Administrator]

Schutz: Aktiviert

17.03.2014 19:36:32
mbam-log-2014-03-17 (19-36-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224282
Laufzeit: 5 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Miri\Downloads\SoftonicDownloader_fuer_tvuplayer.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. adw cleaner

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 17/03/2014 um 19:57:30
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Miri - WINGDING
# Gestartet von : C:\Users\Miri\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\WINDOWS\SysWOW64\AI_RecycleBin
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4018 octets] - [17/03/2014 19:55:31]
AdwCleaner[S0].txt - [3607 octets] - [17/03/2014 19:57:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3667 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Miri on 17.03.2014 at 20:07:16,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Miri\AppData\Roaming\mozilla\firefox\profiles\6evd5p9p.default\minidumps [102 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.03.2014 at 20:12:22,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Miri (administrator) on WINGDING on 17-03-2014 20:19:36
Running from C:\Users\Miri\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" /run:"C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [Spotify Web Helper] - C:\Users\Miri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-04] (Spotify Ltd)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [LMab1err] - C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Miri\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=b4bdcd7fad7047d29d21a11d94fc8cce-6768baf0004c30faa8e78a910e0afa985fce73b6 /CMPID=1213b
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default
FF Homepage: about:home
FF NetworkProxy: "ftp", "213.133.141.197"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "213.133.141.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "213.133.141.197"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "213.133.141.197"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Premiumize.me - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-01-07]
FF Extension: Stealthy - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\stealthyextension@gmail.com.xpi [2013-01-22]
FF Extension: NoScript - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-03]
FF Extension: Adblock Plus - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S4 gzserv; "C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe" /service [X]

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-20] (Emsisoft GmbH)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\EEK\RUN\cleanhlp64.sys [57024 2014-03-15] (Emsisoft GmbH)
S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2014-01-23] ()
S4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-04] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 20:19 - 2014-03-17 20:19 - 00017271 _____ () C:\Users\Miri\Desktop\FRST.txt
2014-03-17 20:16 - 2014-03-17 20:17 - 00047721 _____ () C:\Users\Miri\Desktop\FRST2.txt
2014-03-17 20:12 - 2014-03-17 20:12 - 00000745 _____ () C:\Users\Miri\Desktop\JRT.txt
2014-03-17 20:07 - 2014-03-17 20:07 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-17 20:05 - 2014-03-17 20:05 - 01037734 _____ (Thisisu) C:\Users\Miri\Desktop\JRT.exe
2014-03-17 19:53 - 2014-03-17 19:57 - 00000000 ____D () C:\AdwCleaner
2014-03-17 19:52 - 2014-03-17 19:52 - 01950720 _____ () C:\Users\Miri\Desktop\adwcleaner.exe
2014-03-17 19:32 - 2014-03-17 19:32 - 00001136 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-17 19:32 - 2014-03-17 19:32 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Malwarebytes
2014-03-17 19:32 - 2014-03-17 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 19:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-17 19:29 - 2014-03-17 19:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Miri\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-17 18:29 - 2014-03-17 19:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 18:29 - 2014-03-17 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-17 18:28 - 2014-03-17 19:23 - 00000000 ____D () C:\Users\Miri\Desktop\mbar
2014-03-17 18:28 - 2014-03-17 18:28 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-17 18:27 - 2014-03-17 18:27 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Miri\Desktop\mbar-1.07.0.1009.exe
2014-03-17 13:11 - 2014-03-17 13:11 - 00002017 _____ () C:\Users\Miri\Desktop\Gmer.txt
2014-03-17 12:45 - 2014-03-17 20:19 - 00000000 ____D () C:\FRST
2014-03-17 12:45 - 2014-03-17 12:46 - 00044664 _____ () C:\Users\Miri\Desktop\FRST1.txt
2014-03-17 12:45 - 2014-03-17 12:46 - 00029556 _____ () C:\Users\Miri\Desktop\Addition1.txt
2014-03-17 12:40 - 2014-03-17 12:40 - 00000470 _____ () C:\Users\Miri\Desktop\defogger_disable.log
2014-03-17 12:40 - 2014-03-17 12:40 - 00000000 _____ () C:\Users\Miri\defogger_reenable
2014-03-17 12:38 - 2014-03-17 12:38 - 00015500 _____ () C:\Users\Miri\Documents\trojanerboard.odt
2014-03-17 12:35 - 2014-03-17 12:35 - 00380416 _____ () C:\Users\Miri\Desktop\Gmer-19357.exe
2014-03-17 12:34 - 2014-03-17 12:34 - 02157056 _____ (Farbar) C:\Users\Miri\Desktop\FRST64.exe
2014-03-17 12:33 - 2014-03-17 12:33 - 00050477 _____ () C:\Users\Miri\Desktop\Defogger.exe
2014-03-15 13:20 - 2014-03-15 13:20 - 00010250 _____ () C:\EamClean.log
2014-03-15 10:30 - 2014-03-15 10:30 - 00000000 ____D () C:\Users\Miri\AppData\Local\Skype
2014-03-15 10:29 - 2014-03-15 10:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 13:59 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 13:59 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 13:59 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 11:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 11:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 11:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 11:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 11:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 11:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 11:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 11:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 11:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 11:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 11:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 11:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 11:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 11:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 11:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 11:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 11:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 11:41 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 11:41 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 11:41 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 11:41 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 11:41 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 11:40 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 11:40 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 11:40 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 11:40 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 11:40 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 11:40 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 11:40 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 11:40 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 11:40 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 11:40 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 11:40 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 11:40 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 11:40 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 11:40 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 11:40 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 11:40 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 11:40 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 11:40 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 11:40 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 11:40 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 11:40 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 11:40 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 11:40 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 11:40 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 11:40 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 11:40 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 11:40 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 11:40 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 11:40 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 11:40 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 11:40 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 11:40 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-11 19:25 - 2014-03-11 19:25 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-08 00:18 - 2014-01-23 04:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-03-08 00:18 - 2014-01-23 04:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-03-08 00:14 - 2014-01-23 10:22 - 00233472 _____ (Teruten) C:\WINDOWS\SysWOW64\FsUsbExService.Exe
2014-03-08 00:14 - 2014-01-23 10:22 - 00037344 _____ () C:\WINDOWS\SysWOW64\FsUsbExDisk.Sys
2014-03-08 00:14 - 2012-12-18 10:08 - 00110592 _____ () C:\WINDOWS\SysWOW64\FsUsbExDevice.Dll
2014-03-08 00:12 - 2014-03-08 00:12 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-08 00:11 - 2014-03-08 00:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-06 23:00 - 2014-03-06 23:00 - 00017475 _____ () C:\WINDOWS\DirectX.log
2014-03-06 23:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\Users\Miri\Documents\My Games
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\ProgramData\Steam
2014-03-06 22:35 - 2014-03-06 22:35 - 00002291 _____ () C:\Users\Miri\Desktop\South Park Der Stab der Wahrheit.lnk
2014-03-06 22:32 - 2014-03-06 22:35 - 00000000 ____D () C:\Program Files (x86)\South Park Der Stab der Wahrheit
2014-03-05 16:11 - 2014-03-05 16:11 - 00019722 _____ () C:\Users\Miri\Documents\fazit.odt
2014-03-03 15:46 - 2014-03-03 15:46 - 00021840 _____ () C:\WINDOWS\SysWOW64\SIntfNT.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00017212 _____ () C:\WINDOWS\SysWOW64\SIntf32.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00012067 _____ () C:\WINDOWS\SysWOW64\SIntf16.dll
2014-03-03 15:45 - 2014-03-03 15:45 - 00003034 _____ () C:\WINDOWS\System32\Tasks\{9B765944-D9BC-44F5-AE9B-B3ADE531A5F6}
2014-03-03 15:36 - 2014-03-03 15:36 - 00001660 _____ () C:\Users\Public\Desktop\Empire Earth.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000224 _____ () C:\WINDOWS\SIERRA.INI
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Sierra
2014-03-02 22:04 - 2014-03-02 22:04 - 01630353 _____ () C:\Users\Miri\Documents\casta.wma
2014-03-01 15:56 - 2014-03-01 21:27 - 00000000 ____D () C:\Users\Miri\Downloads\Conan
2014-02-28 14:14 - 2014-02-28 14:25 - 00000000 ____D () C:\Users\Miri\Downloads\cutmp
2014-02-28 14:14 - 2014-02-28 14:14 - 00000896 _____ () C:\Users\Miri\Desktop\mp3DirectCut.lnk
2014-02-28 14:13 - 2014-02-28 14:13 - 00300850 _____ () C:\Users\Miri\Downloads\mp3DC219.exe
2014-02-26 20:43 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\sMedio
2014-02-16 12:42 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 12:42 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 12:42 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 12:42 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 12:42 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 12:42 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 12:42 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 12:42 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 12:42 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 12:42 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 12:42 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 12:42 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 12:42 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 12:42 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 12:42 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 12:42 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 12:42 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 12:42 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 12:42 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 12:42 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 12:42 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 12:42 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 12:42 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 12:42 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 12:42 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 12:42 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 12:42 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 12:42 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 12:42 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 12:42 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 12:42 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 12:42 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 12:42 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 12:42 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 12:42 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 12:42 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 12:42 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 12:42 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 12:42 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 12:42 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 12:42 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 12:42 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 12:42 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 12:42 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 12:42 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 12:42 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-15 14:13 - 2014-02-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-17 20:19 - 2014-03-17 20:19 - 00017271 _____ () C:\Users\Miri\Desktop\FRST.txt
2014-03-17 20:19 - 2014-03-17 12:45 - 00000000 ____D () C:\FRST
2014-03-17 20:17 - 2014-03-17 20:16 - 00047721 _____ () C:\Users\Miri\Desktop\FRST2.txt
2014-03-17 20:13 - 2012-12-03 11:32 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1659703965-2282130268-2058980726-1001
2014-03-17 20:12 - 2014-03-17 20:12 - 00000745 _____ () C:\Users\Miri\Desktop\JRT.txt
2014-03-17 20:08 - 2013-03-17 11:26 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Skype
2014-03-17 20:07 - 2014-03-17 20:07 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-17 20:05 - 2014-03-17 20:05 - 01037734 _____ (Thisisu) C:\Users\Miri\Desktop\JRT.exe
2014-03-17 20:03 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-17 20:03 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-17 20:03 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-17 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-17 19:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 19:57 - 2014-03-17 19:53 - 00000000 ____D () C:\AdwCleaner
2014-03-17 19:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-17 19:52 - 2014-03-17 19:52 - 01950720 _____ () C:\Users\Miri\Desktop\adwcleaner.exe
2014-03-17 19:49 - 2014-02-13 00:15 - 00007014 _____ () C:\WINDOWS\PFRO.log
2014-03-17 19:44 - 2013-12-19 20:20 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5D406B9-606A-4A21-9A79-149A166845F4}
2014-03-17 19:32 - 2014-03-17 19:32 - 00001136 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-17 19:32 - 2014-03-17 19:32 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Malwarebytes
2014-03-17 19:32 - 2014-03-17 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 19:29 - 2014-03-17 19:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Miri\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-17 19:28 - 2014-02-03 12:18 - 01659828 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 19:25 - 2013-04-21 17:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-17 19:23 - 2014-03-17 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 19:23 - 2014-03-17 18:28 - 00000000 ____D () C:\Users\Miri\Desktop\mbar
2014-03-17 18:29 - 2014-03-17 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-17 18:28 - 2014-03-17 18:28 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-17 18:27 - 2014-03-17 18:27 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Miri\Desktop\mbar-1.07.0.1009.exe
2014-03-17 17:57 - 2014-01-12 11:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-17 13:27 - 2013-10-22 18:07 - 00027648 ___SH () C:\Users\Miri\Desktop\Thumbs.db
2014-03-17 13:11 - 2014-03-17 13:11 - 00002017 _____ () C:\Users\Miri\Desktop\Gmer.txt
2014-03-17 13:11 - 2013-12-04 12:50 - 00000000 ____D () C:\Users\Miri
2014-03-17 12:46 - 2014-03-17 12:45 - 00044664 _____ () C:\Users\Miri\Desktop\FRST1.txt
2014-03-17 12:46 - 2014-03-17 12:45 - 00029556 _____ () C:\Users\Miri\Desktop\Addition1.txt
2014-03-17 12:40 - 2014-03-17 12:40 - 00000470 _____ () C:\Users\Miri\Desktop\defogger_disable.log
2014-03-17 12:40 - 2014-03-17 12:40 - 00000000 _____ () C:\Users\Miri\defogger_reenable
2014-03-17 12:38 - 2014-03-17 12:38 - 00015500 _____ () C:\Users\Miri\Documents\trojanerboard.odt
2014-03-17 12:35 - 2014-03-17 12:35 - 00380416 _____ () C:\Users\Miri\Desktop\Gmer-19357.exe
2014-03-17 12:34 - 2014-03-17 12:34 - 02157056 _____ (Farbar) C:\Users\Miri\Desktop\FRST64.exe
2014-03-17 12:33 - 2014-03-17 12:33 - 00050477 _____ () C:\Users\Miri\Desktop\Defogger.exe
2014-03-16 23:14 - 2012-12-03 23:16 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Spotify
2014-03-16 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-15 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-15 13:21 - 2014-02-12 14:20 - 00005801 _____ () C:\WINDOWS\setupact.log
2014-03-15 13:20 - 2014-03-15 13:20 - 00010250 _____ () C:\EamClean.log
2014-03-15 10:30 - 2014-03-15 10:30 - 00000000 ____D () C:\Users\Miri\AppData\Local\Skype
2014-03-15 10:30 - 2013-03-17 11:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 10:29 - 2014-03-15 10:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 10:27 - 2013-08-22 15:44 - 00400800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 00:36 - 2013-02-24 01:03 - 00016110 _____ () C:\Users\Miri\Documents\weblogyoutube.odt
2014-03-13 22:36 - 2012-12-03 23:16 - 00000000 ____D () C:\Users\Miri\AppData\Local\Spotify
2014-03-13 21:38 - 2013-11-26 18:31 - 00000000 ____D () C:\Users\Miri\AppData\Local\PMB Files
2014-03-13 21:38 - 2013-11-26 18:31 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-01-12 11:13 - 00001008 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-11 19:25 - 2014-03-11 19:25 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 19:25 - 2013-04-21 17:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 19:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-08 20:57 - 2013-01-12 10:43 - 00000000 ____D () C:\Users\Miri\Documents\ao3
2014-03-08 00:32 - 2012-12-03 12:15 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\vlc
2014-03-08 00:30 - 2013-02-03 12:30 - 00000000 ____D () C:\Users\Miri\Documents\SelfMV
2014-03-08 00:17 - 2013-12-04 12:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-03-08 00:12 - 2014-03-08 00:12 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-08 00:11 - 2014-03-08 00:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-06 23:00 - 2014-03-06 23:00 - 00017475 _____ () C:\WINDOWS\DirectX.log
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\Users\Miri\Documents\My Games
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\ProgramData\Steam
2014-03-06 22:35 - 2014-03-06 22:35 - 00002291 _____ () C:\Users\Miri\Desktop\South Park Der Stab der Wahrheit.lnk
2014-03-06 22:35 - 2014-03-06 22:32 - 00000000 ____D () C:\Program Files (x86)\South Park Der Stab der Wahrheit
2014-03-06 02:23 - 2013-12-26 14:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-05 16:11 - 2014-03-05 16:11 - 00019722 _____ () C:\Users\Miri\Documents\fazit.odt
2014-03-04 23:53 - 2013-12-12 17:44 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-12-12 17:44 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 15:46 - 2014-03-03 15:46 - 00021840 _____ () C:\WINDOWS\SysWOW64\SIntfNT.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00017212 _____ () C:\WINDOWS\SysWOW64\SIntf32.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00012067 _____ () C:\WINDOWS\SysWOW64\SIntf16.dll
2014-03-03 15:45 - 2014-03-03 15:45 - 00003034 _____ () C:\WINDOWS\System32\Tasks\{9B765944-D9BC-44F5-AE9B-B3ADE531A5F6}
2014-03-03 15:36 - 2014-03-03 15:36 - 00001660 _____ () C:\Users\Public\Desktop\Empire Earth.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000224 _____ () C:\WINDOWS\SIERRA.INI
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Sierra
2014-03-03 15:33 - 2012-09-10 21:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 22:04 - 2014-03-02 22:04 - 01630353 _____ () C:\Users\Miri\Documents\casta.wma
2014-03-01 21:27 - 2014-03-01 15:56 - 00000000 ____D () C:\Users\Miri\Downloads\Conan
2014-03-01 07:05 - 2014-03-12 11:41 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 11:41 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 11:41 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 11:41 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 11:41 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 11:41 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 11:41 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 11:41 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 11:41 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 11:41 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 11:41 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 11:41 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 11:41 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 11:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 11:41 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 11:41 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 11:41 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 14:48 - 2012-12-03 20:26 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\dvdcss
2014-02-28 14:25 - 2014-02-28 14:14 - 00000000 ____D () C:\Users\Miri\Downloads\cutmp
2014-02-28 14:14 - 2014-02-28 14:14 - 00000896 _____ () C:\Users\Miri\Desktop\mp3DirectCut.lnk
2014-02-28 14:13 - 2014-02-28 14:13 - 00300850 _____ () C:\Users\Miri\Downloads\mp3DC219.exe
2014-02-26 21:28 - 2013-09-12 19:26 - 00000000 ____D () C:\Users\Miri\Documents\Neuer Ordner
2014-02-26 20:43 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\sMedio
2014-02-17 16:18 - 2012-12-03 11:26 - 00000000 ___RD () C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 16:18 - 2012-12-03 11:26 - 00000000 ___RD () C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 16:09 - 2012-12-03 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 16:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-16 13:04 - 2013-08-15 23:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 13:02 - 2012-12-12 12:32 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-15 14:13 - 2014-02-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Miri\AppData\Roaming\CamLayout.ini
C:\Users\Miri\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Miri\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 11:40] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-17 15:11

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Miri at 2014-03-17 20:20:01
Running from C:\Users\Miri\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{5FD4B351-1567-426F-AEB4-08F41E3FA6C5}) (Version: 0.9.31 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.5 - Fomanu AG)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
ISOBuddy (HKLM-x32\...\ISOBuddy) (Version:  - )
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lexmark S310 Series Deinstallationsprogamm (HKLM\...\Lexmark S310 Series) (Version:  - Lexmark International, Inc.)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nero BackItUp (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.12600 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14800.0.48 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17600.2.3 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.14001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.16800 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.1000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.7002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

28-02-2014 17:13:37 Geplanter Prüfpunkt
03-03-2014 14:32:34 Installiert Empire Earth
06-03-2014 21:58:27 DirectX wurde installiert
14-03-2014 18:18:25 Windows Update

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {009BADEE-9088-47E6-BA90-87B717A871DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {407623CB-7CC1-436A-8B31-C36B9ACFDD39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {66E62ACD-3729-4601-923C-80A7A03572C0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC2B4F12-B0FE-4020-8277-CEF6BC72BF7B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {EF480173-AF48-44F1-B4A9-4C1247D4F06B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 22:38 - 2011-10-13 22:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-03-20 12:47 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 08:11 - 2012-07-31 08:11 - 00024576 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-20 12:47 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S310 Series\lmabdrs.dll
2012-10-27 15:48 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-15 14:13 - 2014-02-15 14:13 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Miri\Downloads\avg_free_x64_all_2014_4259a6848.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\avira_free_antivirus_de.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\FreeYouTubeDownload.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\FreeYouTubeToMP3Converter.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 04:37:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4485

Error: (03/17/2014 04:37:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4485

Error: (03/17/2014 04:37:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 04:02:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37797

Error: (03/17/2014 04:02:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37797

Error: (03/17/2014 04:02:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 04:02:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5953

Error: (03/17/2014 04:02:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5953

Error: (03/17/2014 04:02:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 04:02:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4422


System errors:
=============
Error: (03/17/2014 03:12:31 PM) (Source: DCOM) (User: WingDing)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/17/2014 03:12:01 PM) (Source: DCOM) (User: WingDing)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/17/2014 01:12:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avgwd erreicht.

Error: (03/17/2014 01:12:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661

Error: (03/17/2014 01:12:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661

Error: (03/17/2014 01:12:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661

Error: (03/17/2014 01:12:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661

Error: (03/17/2014 01:12:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661

Error: (03/17/2014 01:12:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661

Error: (03/17/2014 01:12:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3758213661


Microsoft Office Sessions:
=========================
Error: (03/17/2014 04:37:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4485

Error: (03/17/2014 04:37:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4485

Error: (03/17/2014 04:37:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 04:02:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37797

Error: (03/17/2014 04:02:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37797

Error: (03/17/2014 04:02:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 04:02:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5953

Error: (03/17/2014 04:02:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5953

Error: (03/17/2014 04:02:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/17/2014 04:02:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4422


CodeIntegrity Errors:
===================================
  Date: 2014-03-08 00:15:00.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:58.097
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:54.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:51.964
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-08 00:14:49.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3977.22 MB
Available physical RAM: 2468.46 MB
Total Pagefile: 5065.22 MB
Available Pagefile: 3363.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (TI30992300A) (Fixed) (Total:454.95 GB) (Free:333.21 GB) NTFS
Drive d: (Airy Aster) (Fixed) (Total:931.51 GB) (Free:289.82 GB) NTFS
Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5567C182)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 17.03.2014, 20:40

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Kaint · 17.03.2014, 23:10

So endlich durch

Der erste Scan hat nichts gefunden

Hier ist der Logfile von dem ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=da4eb9140258c046937a8fd21c07b382
# engine=17483
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-17 10:06:02
# local_time=2014-03-17 11:06:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 259275 12410259 0 0
# scanned=271251
# found=0
# cleaned=0
# scan_time=7810

cosinus · 17.03.2014, 23:13

Logs bitte immer posten!

Kaint · 17.03.2014, 23:46

Tut mir leid. Ich hatte den Log versehentlich
geschlossen und nicht wieder gefunden. Dachte wenn keine Funde sind wäre er nicht so wichtig. Soll ich den Scann noch mal machen oder ist der irgendwo anders?

cosinus · 17.03.2014, 23:56

Malarebytes öffnen und im Reiter Logdateien nachsehen

Kaint · 17.03.2014, 23:58

Danke. Sorry nochmal.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.17.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Miri :: WINGDING [Administrator]

Schutz: Aktiviert

17.03.2014 20:45:44
mbam-log-2014-03-17 (20-45-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224178
Laufzeit: 5 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 18.03.2014, 00:07

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Kaint · 18.03.2014, 00:18

Habe gerade mal geschaut und es ist alles wieder in Ordnung so wie ich das beurteilen kann. Danke, dass du mir geholfen und dir die Zeit genommen hast. Und danke auch für die Tipps. Werde mir das auf jeden Fall noch einmal ansehen.
Wünsche dann noch einen schönen Abend(Nacht)

17.03.2014, 23:13	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows8: Werbelinks im Text auf diversen Internetseiten Logs bitte immer posten! __________________ Logfiles bitte immer in CODE-Tags posten

17.03.2014, 23:56	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows8: Werbelinks im Text auf diversen Internetseiten Malarebytes öffnen und im Reiter Logdateien nachsehen __________________ Logfiles bitte immer in CODE-Tags posten

Windows8: Werbelinks im Text auf diversen Internetseiten

Log-Analyse und Auswertung: Windows8: Werbelinks im Text auf diversen Internetseiten