
Log analysis and evaluation: Win 8.1: System cleaned after Trojan warning from the BKA

01.07.2014, 12:05   #1
ElCheffo
 



Hello board,

My system is supposedly infected by a Trojan; at least that is what two reputable Internet service providers told me by phone, and a third by e-mail. Here is the e-mail so that you know my problem:
Code:
Hello Mr *******,

with this e-mail we would like to inform you that an investigation conducted by the Bundeskriminalamt on behalf of the Generalstaatsanwaltschaft Frankfurt am Main has found the following:

By using malware referred to as "Pony", unknown perpetrators were able to spy out the access credentials for your SmartRunner user account, which is registered under the e-mail address *******@web.de.
The infection on the computer you use presumably occurred through the hardware you use, which is infected with the "Pony" malware.

More detailed information on the "Pony" malware can be found in the attached guide.

Kind regards

******
Marketing Manager & Assistant to the Management
APPSfactory GmbH

I have now looked for scanners and anti-malware tools myself and run a few things; the logs follow shortly. Something was found, too, but I would like to be sure that my system is clean again...

The logs are too large, so they are attached.


On top of that there is the problem that I regularly use a laptop, which these logs are from, and sometimes also a netbook; in other words, I don't know exactly which system is infected with the Trojan mentioned... I don't know yet exactly what I will do with the netbook; maybe I'll wipe it completely and set it up from scratch...

Many thanks in advance for your help!!!

01.07.2014, 12:44   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

01.07.2014, 13:30   #3
ElCheffo
 



Okay, I'll start with the logs from the anti-malware tools:

Code:
IObit Malware Fighter

OS: Windows 8
Version: 2.4.1.15
Define Version: 1351
Time Elapsed: 00:57:21
Objects Scanned: 85158
Threats Found: 1
Save Time: 30.06.2014 10:41:28

|Name|Type|Description|ID|
Misleading.FakeAV, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs&C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE, 2014767
         
Code:
===================================================================
= Spy Emergency Start
= Anti-Spyware - Anti-Trojan - Anti-Spam 
= Build: 12.0.705.0 
= OS: Windows Vista+ 64-bit 
= Protokolldatei: 2014-06-30.txt
===================================================================


===================================================================
Start der Inspektion um: 2014/06/30  10:50:01
===================================================================
Dateidurchsuchung: Gefundene Infektionssignatur in:
	c:\windows\syswow64\msac3enc.dll (FPC:2[2309122]) 
	Infektionsname:
	Trojan.Win32.Malware

Dateidurchsuchung: Gefundene Infektionssignatur in:
	c:\windows\winsxs\x86_microsoft-windows-msac3enc_31bf3856ad364e35_6.3.9600.16384_none_397e9280973e0d1b\msac3enc.dll (FPC:2[2309122]) 
	Infektionsname:
	Trojan.Win32.Malware

===================================================================
Datenbank: 860 (20140630)
Pfad: [C:\]
Aktiver Suchtyp: Standard
Durchsuchte Prozesse: 27
Durchsuchte Registry: 99259
Durchsuchte Cookies: 1327
Durchsuchte Dateien: 228995
Gefundene Infektionen: 2/81
Abgelaufene Zeit: 605:29
Durchsuchung beendet um: 2014/06/30  20:55:33
===================================================================
Entfernen: Löschen
	c:\windows\syswow64\msac3enc.dll Datei

Entfernen: Löschen
	c:\windows\winsxs\x86_microsoft-windows-msac3enc_31bf3856ad364e35_6.3.9600.16384_none_397e9280973e0d1b\msac3enc.dll Datei


===================================================================
= Spy Emergency Start
= Anti-Spyware - Anti-Trojan - Anti-Spam 
= Build: 12.0.705.0 
= OS: Windows Vista+ 64-bit 
= Protokolldatei: 2014-06-30.txt
===================================================================

Entgültig Entfernen: Datei:
	c:\windows\syswow64\msac3enc.dll

Entgültig Entfernen: Datei:
	c:\windows\winsxs\x86_microsoft-windows-msac3enc_31bf3856ad364e35_6.3.9600.16384_none_397e9280973e0d1b\msac3enc.dll
         
Code:
IObit Malware Fighter

OS: Windows 8
Version: 2.4.1.15
Define Version: 1351
Time Elapsed: 00:17:41
Objects Scanned: 60517
Threats Found: 0
Save Time: 30.06.2014 21:20:39

|Name|Type|Description|ID|
         
Code:
# AdwCleaner v3.214 - Bericht erstellt am 30/06/2014 um 22:26:12
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Chrissi - TOSHI
# Gestartet von : C:\Users\Chrissi\AppData\Local\Microsoft\Windows\INetCache\IE\461F4MPZ\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Chrissi\Documents\Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [989 octets] - [30/06/2014 22:22:35]
AdwCleaner[S0].txt - [860 octets] - [30/06/2014 22:26:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [919 octets] ##########
         

01.07.2014, 13:33   #4
ElCheffo
 

And now the ones from FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Chrissi (administrator) on TOSHI on 01-07-2014 11:46:48
Running from C:\Users\Chrissi\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Handle) C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adblock) C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-20] (Synaptics Incorporated)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis3138.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-26] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2289284972-2644470871-447745967-1001\...\Run: [PureSync] => C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-2289284972-2644470871-447745967-1001\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3231032 2013-10-03] (NETGATE Technologies s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {01F29AE5-D48D-417B-9D00-8A115C23A0EB} - C:\Users\Chrissi\AppData\LocalLow\systems ie bho\bho.dll ()
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-06-30]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-02] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-26] (AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 HandleService; C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe [637952 2014-06-10] (Handle) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [40840 2014-02-14] () [File not signed]
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3284008 2013-03-11] (NETGATE Technologies s.r.o.)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-26] ()
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 ERmvrDrv; C:\WINDOWS\system32\drivers\ERKRmvrDrv.sys [43608 2014-06-26] (ESET spol. s r.o.)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-06-30] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [17240 2011-04-21] (NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [24408 2011-04-21] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [18776 2011-04-21] (NETGATE Technologies s.r.o.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 11:46 - 2014-07-01 11:47 - 00017649 _____ () C:\Users\Chrissi\Downloads\FRST.txt
2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ____D () C:\FRST
2014-07-01 11:44 - 2014-07-01 11:44 - 00000476 _____ () C:\Users\Chrissi\Downloads\defogger_disable.log
2014-07-01 11:44 - 2014-07-01 11:44 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-30 22:30 - 2014-06-30 22:30 - 00000998 _____ () C:\Users\Chrissi\Desktop\AdwCleaner[S0].txt
2014-06-30 22:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-30 22:22 - 2014-06-30 22:26 - 00000000 ____D () C:\AdwCleaner
2014-06-30 22:15 - 2014-06-30 22:15 - 00001337 _____ () C:\Users\Chrissi\Desktop\mwam-300620142215.txt
2014-06-30 21:20 - 2014-06-30 21:20 - 00000209 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-21-20 .txt
2014-06-30 21:15 - 2014-06-30 21:15 - 00380416 _____ () C:\Users\Chrissi\Downloads\ygnflrmi.exe
2014-06-30 21:14 - 2014-06-30 21:14 - 02083328 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-30 21:13 - 2014-06-30 21:13 - 00050477 _____ () C:\Users\Chrissi\Downloads\Defogger.exe
2014-06-30 10:41 - 2014-06-30 10:41 - 00000382 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-10-41 .txt
2014-06-30 10:32 - 2014-06-30 10:49 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spy Emergency
2014-06-30 10:32 - 2014-06-30 10:32 - 00001016 _____ () C:\Users\Public\Desktop\Spy Emergency.lnk
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\NETGATE
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\Program Files\NETGATE
2014-06-30 10:32 - 2011-04-21 11:31 - 00024408 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_access.sys
2014-06-30 10:32 - 2011-04-21 11:31 - 00018776 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
2014-06-30 10:32 - 2011-04-21 11:31 - 00017240 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg.sys
2014-06-30 09:34 - 2014-06-30 20:58 - 00000000 ____D () C:\ProgramData\IObit
2014-06-30 09:34 - 2014-06-30 09:35 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Win System
2014-06-30 09:34 - 2014-06-30 09:35 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Security Systems
2014-06-30 09:34 - 2014-06-30 09:34 - 00001160 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Google
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\IObit
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-28 13:26 - 2014-06-30 21:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 13:25 - 2014-06-28 13:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chrissi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 13:25 - 2014-06-28 13:25 - 00001085 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-28 13:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-28 13:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-28 13:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-28 13:04 - 2014-06-28 13:04 - 371542610 _____ () C:\WINDOWS\MEMORY.DMP
2014-06-28 13:04 - 2014-06-28 13:04 - 00285712 _____ () C:\WINDOWS\Minidump\062814-29718-01.dmp
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-27 21:10 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140627-211035.backup
2014-06-26 13:06 - 2014-06-26 13:06 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00001362 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-26 13:05 - 2014-06-26 13:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 13:05 - 2014-06-26 13:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-26 13:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-06-26 13:02 - 2014-06-26 13:03 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chrissi\Downloads\spybot-2.3.exe
2014-06-26 12:02 - 2014-06-26 12:02 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\AVAST Software
2014-06-26 12:01 - 2014-06-26 12:02 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-06-26 12:01 - 2014-06-26 12:01 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-26 12:01 - 2014-06-26 12:01 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-26 12:01 - 2014-06-26 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-26 12:00 - 2014-06-26 12:00 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-26 11:59 - 2014-06-26 11:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-26 11:58 - 2014-06-26 11:59 - 94714880 _____ (AVAST Software) C:\Users\Chrissi\Downloads\avast_free_antivirus_setup2018.exe
2014-06-26 11:52 - 2014-06-26 11:52 - 00000416 _____ () C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2014-06-26 10:51 - 2014-06-26 10:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-26 10:50 - 2014-06-26 11:48 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-26 10:06 - 2014-06-26 10:06 - 00043608 _____ (ESET spol. s r.o.) C:\WINDOWS\system32\Drivers\ERKRmvrDrv.sys
2014-06-18 20:00 - 2014-06-19 12:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-16 14:52 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-15 18:40 - 2014-06-15 18:40 - 00000218 _____ () C:\Users\Chrissi\.recently-used.xbel
2014-06-15 12:53 - 2014-06-15 12:53 - 00026592 _____ () C:\Users\Chrissi\AppData\Local\recently-used.xbel
2014-06-13 11:40 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-13 11:40 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-13 11:40 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-13 11:40 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-13 11:40 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-13 11:40 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-13 11:40 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-13 11:40 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-13 11:40 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-13 11:40 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-13 11:40 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-13 11:40 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-13 11:40 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-13 11:40 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-13 11:40 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-13 11:40 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-13 11:40 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-13 11:40 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-13 11:39 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-13 11:39 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-13 11:39 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-13 11:39 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-13 11:39 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-13 11:39 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-13 11:39 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-13 11:39 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-13 11:39 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-13 11:39 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-13 11:39 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-13 11:39 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-13 11:39 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-13 11:39 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-13 11:39 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-13 11:39 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-13 11:39 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-13 11:39 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-13 11:39 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-13 11:39 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-13 11:39 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-13 11:39 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-06-13 11:39 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-13 11:39 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-13 11:39 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-13 11:39 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-13 11:39 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-13 11:39 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-13 11:39 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-13 11:39 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-13 11:39 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-13 11:39 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-13 11:39 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-13 11:39 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-13 11:39 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-13 11:39 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-13 11:39 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-13 11:38 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-13 11:38 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-13 11:38 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-13 11:38 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-13 11:38 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-13 11:38 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-13 11:38 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-13 11:38 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-13 11:38 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-13 11:38 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-13 11:38 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-06-13 11:38 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-13 11:38 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-13 11:38 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-13 11:38 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-13 11:38 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-13 11:38 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-13 11:38 - 2014-04-11 08:13 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-06-13 11:38 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-13 11:38 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-13 11:38 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-13 11:38 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-13 11:38 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-13 11:38 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-13 11:38 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-06-13 11:38 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-13 11:38 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-13 11:38 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-13 11:38 - 2014-04-06 18:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-13 11:38 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-13 11:38 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-13 11:38 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-13 11:38 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-13 11:38 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-13 11:38 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-13 11:38 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-13 11:38 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-06-13 11:38 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-13 11:38 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-13 11:38 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-13 11:38 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-13 11:38 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-13 11:38 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-13 11:38 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-13 11:38 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-13 11:38 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-13 11:38 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-13 11:38 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-13 11:38 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-13 11:38 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-13 11:38 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-13 11:38 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-13 11:38 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-13 11:38 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-13 11:38 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-13 11:38 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-13 11:38 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-13 11:38 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-06-13 11:38 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-13 11:38 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-13 11:38 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-13 11:38 - 2014-04-01 08:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-13 11:38 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-13 11:38 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-13 11:38 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-13 11:38 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-13 11:38 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-13 11:38 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-13 11:38 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-13 11:38 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-13 11:38 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-13 11:38 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-13 11:38 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-13 11:38 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-13 11:38 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-13 11:38 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-13 11:38 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-13 11:38 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-13 11:38 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-13 11:38 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-13 11:38 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-13 11:38 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-13 11:38 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-13 11:38 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-13 11:38 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-13 11:38 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-13 11:38 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-13 11:38 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-13 11:38 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-13 11:38 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-13 11:38 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-13 11:38 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-13 11:38 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-13 11:38 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-13 11:38 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-13 11:38 - 2014-03-18 10:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-13 11:38 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-13 11:38 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-13 11:38 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-13 11:38 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-13 11:38 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-13 11:38 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-13 11:38 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-13 11:38 - 2014-03-06 14:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-13 11:37 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-13 11:37 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-13 11:37 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-13 11:37 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-13 11:37 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-13 11:37 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-06-06 09:19 - 2014-06-06 09:19 - 00011907 _____ () C:\Users\Chrissi\Documents\Formular Kahmann.xlsx

==================== One Month Modified Files and Folders =======

2014-07-01 11:47 - 2014-07-01 11:46 - 00017649 _____ () C:\Users\Chrissi\Downloads\FRST.txt
2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ____D () C:\FRST
2014-07-01 11:44 - 2014-07-01 11:44 - 00000476 _____ () C:\Users\Chrissi\Downloads\defogger_disable.log
2014-07-01 11:44 - 2014-07-01 11:44 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-07-01 11:44 - 2014-01-05 01:39 - 00000000 ____D () C:\Users\Chrissi
2014-07-01 11:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-01 11:40 - 2014-01-05 11:57 - 00000000 __RDO () C:\Users\Chrissi\SkyDrive
2014-07-01 11:40 - 2014-01-05 02:01 - 02047523 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-30 22:30 - 2014-06-30 22:30 - 00000998 _____ () C:\Users\Chrissi\Desktop\AdwCleaner[S0].txt
2014-06-30 22:27 - 2013-11-14 00:18 - 00010194 _____ () C:\WINDOWS\PFRO.log
2014-06-30 22:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-30 22:26 - 2014-06-30 22:22 - 00000000 ____D () C:\AdwCleaner
2014-06-30 22:26 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-30 22:15 - 2014-06-30 22:15 - 00001337 _____ () C:\Users\Chrissi\Desktop\mwam-300620142215.txt
2014-06-30 21:36 - 2014-06-28 13:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 21:25 - 2013-01-19 00:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2289284972-2644470871-447745967-1001
2014-06-30 21:20 - 2014-06-30 21:20 - 00000209 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-21-20 .txt
2014-06-30 21:15 - 2014-06-30 21:15 - 00380416 _____ () C:\Users\Chrissi\Downloads\ygnflrmi.exe
2014-06-30 21:14 - 2014-06-30 21:14 - 02083328 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-30 21:13 - 2014-06-30 21:13 - 00050477 _____ () C:\Users\Chrissi\Downloads\Defogger.exe
2014-06-30 20:58 - 2014-06-30 09:34 - 00000000 ____D () C:\ProgramData\IObit
2014-06-30 13:56 - 2014-02-03 16:42 - 00000000 ____D () C:\Program Files (x86)\FireOffice
2014-06-30 10:49 - 2014-06-30 10:32 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spy Emergency
2014-06-30 10:41 - 2014-06-30 10:41 - 00000382 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-10-41 .txt
2014-06-30 10:32 - 2014-06-30 10:32 - 00001016 _____ () C:\Users\Public\Desktop\Spy Emergency.lnk
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\NETGATE
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\Program Files\NETGATE
2014-06-30 09:35 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Win System
2014-06-30 09:35 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Security Systems
2014-06-30 09:34 - 2014-06-30 09:34 - 00001160 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Google
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\IObit
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-28 13:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-28 13:57 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-28 13:56 - 2013-09-06 22:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-28 13:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-28 13:25 - 2014-06-28 13:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chrissi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 13:25 - 2014-06-28 13:25 - 00001085 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-28 13:04 - 2014-06-28 13:04 - 371542610 _____ () C:\WINDOWS\MEMORY.DMP
2014-06-28 13:04 - 2014-06-28 13:04 - 00285712 _____ () C:\WINDOWS\Minidump\062814-29718-01.dmp
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-26 13:13 - 2014-06-26 13:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 13:08 - 2014-06-26 13:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-26 13:06 - 2014-06-26 13:06 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00001362 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-26 13:03 - 2014-06-26 13:02 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chrissi\Downloads\spybot-2.3.exe
2014-06-26 12:02 - 2014-06-26 12:02 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\AVAST Software
2014-06-26 12:02 - 2014-06-26 12:01 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-06-26 12:01 - 2014-06-26 12:01 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-26 12:01 - 2014-06-26 12:01 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-26 12:01 - 2014-06-26 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-26 12:00 - 2014-06-26 12:00 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-26 11:59 - 2014-06-26 11:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-26 11:59 - 2014-06-26 11:58 - 94714880 _____ (AVAST Software) C:\Users\Chrissi\Downloads\avast_free_antivirus_setup2018.exe
2014-06-26 11:52 - 2014-06-26 11:52 - 00000416 _____ () C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2014-06-26 11:50 - 2013-03-13 10:53 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-06-26 11:49 - 2013-01-19 14:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-26 11:49 - 2013-01-19 14:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\WildTangent
2014-06-26 11:49 - 2012-11-11 01:20 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-26 11:49 - 2012-11-11 01:20 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-06-26 11:48 - 2014-06-26 10:50 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-26 10:51 - 2014-06-26 10:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-26 10:45 - 2013-03-13 10:55 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-06-26 10:30 - 2014-03-27 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-26 10:06 - 2014-06-26 10:06 - 00043608 _____ (ESET spol. s r.o.) C:\WINDOWS\system32\Drivers\ERKRmvrDrv.sys
2014-06-19 12:24 - 2014-06-18 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 15:43 - 2014-02-28 13:18 - 00043371 _____ () C:\Users\Chrissi\bikeXperience.log
2014-06-15 18:40 - 2014-06-15 18:40 - 00000218 _____ () C:\Users\Chrissi\.recently-used.xbel
2014-06-15 18:19 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-15 18:19 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-15 18:19 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-15 13:27 - 2014-04-11 13:33 - 00000000 ____D () C:\Users\Chrissi\.gimp-2.8
2014-06-15 12:53 - 2014-06-15 12:53 - 00026592 _____ () C:\Users\Chrissi\AppData\Local\recently-used.xbel
2014-06-15 12:53 - 2014-04-11 13:38 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\gtk-2.0
2014-06-14 14:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-13 19:58 - 2013-08-22 16:44 - 00474344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-13 12:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-06-13 12:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-06-13 12:10 - 2013-01-19 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-06-13 11:23 - 2013-08-22 16:46 - 00296878 _____ () C:\WINDOWS\setupact.log
2014-06-06 09:19 - 2014-06-06 09:19 - 00011907 _____ () C:\Users\Chrissi\Documents\Formular Kahmann.xlsx
2014-06-01 17:17 - 2013-01-18 21:07 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Chrissi\AppData\Local\Temp\FoxySecure_IE_FF_12-02-2014_Version_5_Setup.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 22:12

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by Chrissi at 2014-07-01 11:49:07
Running from C:\Users\Chrissi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spy Emergency (Enabled - Up to date) {A77BE48A-B776-F747-8A39-C3ECDC95366D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
FireOffice (HKLM-x32\...\{0B5CD18C-3A6E-46B8-8BA6-DAEFE422D8D1}_is1) (Version:  - TRICOMB)
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{886E586A-9121-4515-9C18-2C04202614B2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Luminance HDR 2.4.0 (HKLM-x32\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nero BackItUp (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.12600 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14800.0.48 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17600.2.3 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.14001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.16800 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.1000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.7002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
PS_AIO_03_C4400_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PureSync (x32 Version: 3.7.9 - Jumping Bytes) Hidden
PureSync 3.7.9 (HKLM-x32\...\PureSync) (Version: 3.7.9 - Jumping Bytes)
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Securepoint SSL VPN (HKLM-x32\...\{3A903356-AFF9-4CAF-BCEA-78B99427006E}) (Version: 1.0.3 - Securepoint GmbH)
Securepoint SSL VPN (HKLM-x32\...\Securepoint SSL VPN) (Version:  - Securepoint GmbH)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spy Emergency (HKLM\...\Spy Emergency_is1) (Version:  - NETGATE Technologies s.r.o.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version:  - Udi Fuchs)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Restore Points  =========================

13-06-2014 09:20:17 Windows Update
25-06-2014 20:20:56 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2014-06-27 21:10 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {02063348-FD1F-4D87-A30B-DC2DD0AE8767} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {239AD376-4632-4037-84D6-B2BC03729AC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {24D8AB9C-2E09-496A-AFBC-6C7E4E8B39C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32EBC778-E3E1-4682-A510-3448859E2F4F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3AF09238-F583-48D0-9105-63F17CFB3DBE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {437257C9-3D93-4F0D-AF98-DAD6B71FEC16} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4D94B5C4-D337-401C-8565-2AA2CFF2AEEB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {51CD1EF4-2F95-4D31-ABFE-7B9B764225C5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {53E09675-A99F-46F1-BA6A-84FFAB8AD269} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {76F73CF9-5242-468D-A79E-FE62292533EF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-28] (TOSHIBA Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C2EC474-CC79-445A-B17F-DBC38200164B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-26] (AVAST Software)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A23F4AFD-7373-4FC3-B22C-8C5503114AC2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {AB89D44F-8D9A-41F0-A524-D283F81C08BE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {ACA3C9F3-460C-4884-8BAF-79C81168A2E7} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ED3A08DB-0FAC-4377-A465-051F55E911C7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {FDEE6235-C733-46FA-B870-BCA1085D979B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {FF6CFD37-098F-4275-B00F-C828E8F218E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis3138.exe

==================== Loaded Modules (whitelisted) =============

2011-10-14 00:38 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2014-02-14 14:18 - 2014-02-14 14:18 - 00040840 _____ () C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
2014-06-30 10:32 - 2007-11-02 16:20 - 00243712 _____ () C:\Program Files\NETGATE\Spy Emergency\SSLEAY32.dll
2014-06-30 10:32 - 2007-11-02 16:20 - 01403904 _____ () C:\Program Files\NETGATE\Spy Emergency\LIBEAY32.dll
2014-06-30 10:32 - 2007-09-04 15:25 - 00198144 _____ () C:\Program Files\NETGATE\Spy Emergency\unrar.dll
2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 04:38 - 2012-07-19 04:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 05:13 - 2012-08-14 05:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 09:11 - 2012-07-31 09:11 - 00024576 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2014-06-30 20:58 - 2014-06-30 20:58 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14063001\algo.dll
2014-06-30 09:35 - 2014-06-30 09:35 - 00374272 _____ () C:\Users\Chrissi\AppData\Roaming\Win System\sub\default.dll
2014-06-26 13:05 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-26 13:05 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-26 13:05 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-26 13:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-26 13:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-11 01:01 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-09-10 23:02 - 2012-08-02 00:01 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-06-26 12:00 - 2014-06-26 12:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-30 09:33 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-06-30 09:33 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-06-30 09:33 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-06-30 09:33 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-06-30 09:33 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-06-30 09:33 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-06-30 09:33 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-06-30 09:34 - 2014-06-11 13:25 - 03296768 _____ () C:\Users\Chrissi\AppData\LocalLow\systems ie bho\bho.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Chrissi\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: Adobe Version Cue CS2 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Securepoint VPN => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Version Cue CS2"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "HP Software Update"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 02:02:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2154

Startzeit: 01cf945a74588260

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 68caaf1b-004e-11e4-bea8-7054d2313be7

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (06/30/2014 01:42:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ad4

Startzeit: 01cf94568af4158e

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: a19b29e2-004b-11e4-bea8-7054d2313be7

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (06/30/2014 10:29:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 10:29:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 10:29:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 10:29:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 09:31:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 09:31:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 09:31:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/30/2014 09:31:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (06/30/2014 10:28:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (06/30/2014 10:28:34 PM) (Source: DCOM) (EventID: 10016) (User: TOSHI)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ToshiChrissiS-1-5-21-2289284972-2644470871-447745967-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/30/2014 10:27:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (06/30/2014 09:32:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2014 08:58:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (06/30/2014 08:58:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (06/30/2014 08:57:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (06/30/2014 10:48:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IMF Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2014 09:34:56 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Handle Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2014 09:12:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-26 10:22:33.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 10:22:28.521
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-26 09:47:59.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 09:07:07.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-25 22:24:08.616
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-25 22:24:07.600
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-25 22:22:22.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-21 21:31:08.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-21 21:30:43.294
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-21 21:30:43.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3977.22 MB
Available physical RAM: 2355.36 MB
Total Pagefile: 8073.22 MB
Available Pagefile: 6250.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (TI30992300A) (Fixed) (Total:454.95 GB) (Free:395.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

01.07.2014, 13:34   #5
ElCheffo

and gmer:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-01 12:14:52
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f TOSHIBA_MQ01ABD050 rev.AX003M 465,76GB
Running: ygnflrmi.exe; Driver: C:\Users\Chrissi\AppData\Local\Temp\axddipob.sys


---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\wininit.exe[704] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\services.exe[808] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\lsass.exe[816] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                  00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\System32\svchost.exe[340] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[576] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[600] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\System32\svchost.exe[620] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1072] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                      00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe[1396] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                  00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\System32\spoolsv.exe[1512] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[1544] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\dashost.exe[1984] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\Intel\iCLS Client\HeciServer.exe[2000] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                             00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[3180] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\Windows\system32\TODDSrv.exe[3272] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\TOSHIBA\Teco\TecoService.exe[3332] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                 00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\SearchIndexer.exe[3628] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                         00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[3768] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[4308] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                         00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[4344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                         00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\wbem\unsecapp.exe[4536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                         00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\System32\dwm.exe[3384] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                   00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4984] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\taskhostex.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                            00007ffbb10d553d 1 byte [62]
.text    C:\Windows\System32\SettingSyncHost.exe[1316] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                       00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[2572] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                             00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\TOSHIBA\Teco\TecoResident.exe[2624] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                00007ffbb10d553d 1 byte [62]
.text    C:\Windows\System32\igfxpers.exe[3604] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                              00007ffbb10d553d 1 byte [62]
.text    C:\Windows\System32\igfxpers.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                             00007ffbb093169a 4 bytes [93, B0, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                             00007ffbb09316a2 4 bytes [93, B0, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                00007ffbb093181a 4 bytes [93, B0, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                00007ffbb0931832 4 bytes [93, B0, FB, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5152] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                00007ffbb093169a 4 bytes [93, B0, FB, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5152] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                00007ffbb09316a2 4 bytes [93, B0, FB, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5152] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                   00007ffbb093181a 4 bytes [93, B0, FB, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5152] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                   00007ffbb0931832 4 bytes [93, B0, FB, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5192] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                             00007ffbb093169a 4 bytes [93, B0, FB, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5192] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                             00007ffbb09316a2 4 bytes [93, B0, FB, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5192] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                00007ffbb093181a 4 bytes [93, B0, FB, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5192] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                00007ffbb0931832 4 bytes [93, B0, FB, 7F]
.text    C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe[1348] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165                                                         00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\wbem\unsecapp.exe[2816] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                         00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\Internet Explorer\iexplore.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                          00007ffbb2d25b5c 6 bytes {NOP ; JMP 0xffffffff8015ac00}
.text    C:\Program Files\Internet Explorer\iexplore.exe[5596] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                            00007ffbb2d28274 6 bytes {NOP ; JMP 0xffffffff80158130}
.text    C:\Program Files\Internet Explorer\iexplore.exe[5596] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165                                                                               00007ffbb10d553d 1 byte [62]
.text    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[6520] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                    00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\explorer.exe[6288] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                       00007ffbb10d553d 1 byte [62]
.text    C:\WINDOWS\system32\DllHost.exe[3016] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffbb10d553d 1 byte [62]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [1320:5676]                                                                                                                                                 fffff96000945b90
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:4380]                                                                                                                                               0000000077aa6d91
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:5056]                                                                                                                                               0000000077aa6d91
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:1764]                                                                                                                                               0000000077aa6d91
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:4492]                                                                                                                                               0000000077aa6d91
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:4968]                                                                                                                                               0000000073dfa172
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:3092]                                                                                                                                               0000000077266241
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:4756]                                                                                                                                               00000000736fa797
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:6988]                                                                                                                                               0000000077266241
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:5776]                                                                                                                                               00000000736f46ea
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:7144]                                                                                                                                               0000000075840ca7
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:764]                                                                                                                                                0000000075840ca7
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:2292]                                                                                                                                               0000000077aa6d91
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:3568]                                                                                                                                               0000000077aa6d91
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:6668]                                                                                                                                               0000000075840ca7
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:5476]                                                                                                                                               0000000077266241
Thread   C:\WINDOWS\syswow64\wwahost.exe [2172:7156]                                                                                                                                               0000000077266241
---- Processes - GMER 2.1 ----

Process  C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe (*** suspicious ***) @ C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe [1932] (Handle Service/Handle)(2014-06-30 07:34:55)  0000000000400000
Library  C:\Users\Chrissi\AppData\Roaming\Win System\sub\default.dll (*** suspicious ***) @ C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe [1932](2014-06-30 07:35:07)                     0000000001620000
Library  C:\Users\Chrissi\AppData\LocalLow\SYSTEM~1\bho.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [5964](2014-06-30 07:34:40)                               0000000005840000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         


02.07.2014, 08:12   #6
schrauber
/// the machine
/// TB Trainer

Looks good.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

02.07.2014, 08:46   #7
ElCheffo

Many thanks already!

Unfortunately I am away on business today and will probably not get to continue on the laptop until midday tomorrow. I will post the logs right away then.

Best regards

02.07.2014, 14:50   #8
schrauber
/// the machine
/// TB Trainer

ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.07.2014, 16:06   #9
ElCheffo

Right, finally done...

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=212b469d6926da4c86b3bb7a397df820
# engine=19004
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-03 02:37:05
# local_time=2014-07-03 04:37:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777214 100 95 444820 621444 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1743898 29279518 0 0
# scanned=251011
# found=5
# cleaned=0
# scan_time=9655
sh=BBD7A2AC1E027E7ED0CFA567CF06E86D22B2A665 ft=1 fh=55978f7f5077c75a vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2289284972-2644470871-447745967-1001\$ROQIU8V.exe"
sh=15036F525E679E098CF9B51EDFD6BD0376EE1962 ft=1 fh=41cf16a2b1878574 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Microsoft\Windows\INetCache\IE\BVTPNZA6\SoftonicDownloader_fuer_iobit-malware-fighter.exe"
sh=044DDFEA399A3CFAF13C2E6DA9134BD407819D4C ft=1 fh=eb811e610ce62343 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Microsoft\Windows\INetCache\IE\BVTPNZA6\SoftonicDownloader_fuer_spy-emergency.exe"
sh=126F730B1A5AA36A0DFB73B965C5CFA6BA74FF8E ft=1 fh=b8bf32c30c8163d5 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\Download\FortuneCookieNF_downloader_by_Ffonts.exe"
sh=8DC5A960FFF0584272561B28C82786D3F3E9ACED ft=0 fh=0000000000000000 vn="Variante von Win32/PSWTool.MailPassView.E potenziell unsichere Anwendung" ac=I fn="D:\Download\mailpv.zip"
         
Code:
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Reader XI  
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 IObit IObit Malware Fighter adsremoval IE\Adblock.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Chrissi (administrator) on TOSHI on 03-07-2014 17:00:20
Running from C:\Users\Chrissi\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Handle) C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adblock) C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Securepoint GmbH) C:\Program Files (x86)\Securepoint SSL VPN\Spvpncl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(The OpenVPN Project) C:\Program Files (x86)\Securepoint SSL VPN\bin\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-20] (Synaptics Incorporated)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis3138.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-26] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2289284972-2644470871-447745967-1001\...\Run: [PureSync] => C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes)
HKU\S-1-5-21-2289284972-2644470871-447745967-1001\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3231032 2013-10-03] (NETGATE Technologies s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {18459EE8-363E-4058-BC1A-88074DD5E9A6} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {01F29AE5-D48D-417B-9D00-8A115C23A0EB} - C:\Users\Chrissi\AppData\LocalLow\systems ie bho\bho.dll ()
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-06-30]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-02] (Adobe Systems) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-26] (AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 HandleService; C:\Users\Chrissi\AppData\Roaming\Win System\handle.exe [637952 2014-06-10] (Handle) [File not signed]
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [40840 2014-02-14] () [File not signed]
S2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3284008 2013-03-11] (NETGATE Technologies s.r.o.)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-26] ()
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 ERmvrDrv; C:\WINDOWS\system32\drivers\ERKRmvrDrv.sys [43608 2014-06-26] (ESET spol. s r.o.)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-06-30] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [17240 2011-04-21] (NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [24408 2011-04-21] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [18776 2011-04-21] (NETGATE Technologies s.r.o.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Chrissi\Downloads\FRST-OlderVersion
2014-07-03 16:56 - 2014-07-03 16:56 - 00000926 _____ () C:\Users\Chrissi\Desktop\checkup.txt
2014-07-03 16:54 - 2014-07-03 16:54 - 00854390 _____ () C:\Users\Chrissi\Downloads\SecurityCheck.exe
2014-07-03 13:53 - 2014-07-03 13:53 - 02347384 _____ (ESET) C:\Users\Chrissi\Downloads\esetsmartinstaller_deu.exe
2014-07-03 13:33 - 2014-07-03 13:34 - 00464104 _____ () C:\WINDOWS\Minidump\070314-25562-01.dmp
2014-07-01 12:59 - 2014-07-01 12:59 - 00027849 _____ () C:\Users\Chrissi\Desktop\Logfiles.zip
2014-07-01 12:14 - 2014-07-01 12:14 - 00016597 _____ () C:\Users\Chrissi\Desktop\gmer.log
2014-07-01 11:56 - 2014-07-01 11:50 - 00059668 _____ () C:\Users\Chrissi\Desktop\FRST.txt
2014-07-01 11:56 - 2014-07-01 11:50 - 00046025 _____ () C:\Users\Chrissi\Desktop\Addition.txt
2014-07-01 11:49 - 2014-07-01 11:50 - 00046025 _____ () C:\Users\Chrissi\Downloads\Addition.txt
2014-07-01 11:46 - 2014-07-03 17:00 - 00018506 _____ () C:\Users\Chrissi\Downloads\FRST.txt
2014-07-01 11:46 - 2014-07-03 17:00 - 00000000 ____D () C:\FRST
2014-07-01 11:44 - 2014-07-01 11:44 - 00000476 _____ () C:\Users\Chrissi\Downloads\defogger_disable.log
2014-07-01 11:44 - 2014-07-01 11:44 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-30 22:30 - 2014-06-30 22:30 - 00000998 _____ () C:\Users\Chrissi\Desktop\AdwCleaner[S0].txt
2014-06-30 22:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-30 22:22 - 2014-06-30 22:26 - 00000000 ____D () C:\AdwCleaner
2014-06-30 22:15 - 2014-06-30 22:15 - 00001337 _____ () C:\Users\Chrissi\Desktop\mwam-300620142215.txt
2014-06-30 21:20 - 2014-06-30 21:20 - 00000209 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-21-20 .txt
2014-06-30 21:15 - 2014-06-30 21:15 - 00380416 _____ () C:\Users\Chrissi\Downloads\ygnflrmi.exe
2014-06-30 21:14 - 2014-07-03 16:57 - 02083840 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-30 21:13 - 2014-06-30 21:13 - 00050477 _____ () C:\Users\Chrissi\Downloads\Defogger.exe
2014-06-30 10:41 - 2014-06-30 10:41 - 00000382 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-10-41 .txt
2014-06-30 10:32 - 2014-07-01 22:15 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spy Emergency
2014-06-30 10:32 - 2014-06-30 10:32 - 00001016 _____ () C:\Users\Public\Desktop\Spy Emergency.lnk
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\NETGATE
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\Program Files\NETGATE
2014-06-30 10:32 - 2011-04-21 11:31 - 00024408 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_access.sys
2014-06-30 10:32 - 2011-04-21 11:31 - 00018776 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
2014-06-30 10:32 - 2011-04-21 11:31 - 00017240 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg.sys
2014-06-30 09:34 - 2014-06-30 20:58 - 00000000 ____D () C:\ProgramData\IObit
2014-06-30 09:34 - 2014-06-30 09:35 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Win System
2014-06-30 09:34 - 2014-06-30 09:35 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Security Systems
2014-06-30 09:34 - 2014-06-30 09:34 - 00001160 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Google
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\IObit
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-28 13:26 - 2014-06-30 21:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 13:25 - 2014-06-28 13:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chrissi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 13:25 - 2014-06-28 13:25 - 00001085 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-28 13:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-28 13:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-28 13:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-28 13:04 - 2014-07-03 13:33 - 616059474 _____ () C:\WINDOWS\MEMORY.DMP
2014-06-28 13:04 - 2014-07-03 13:33 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-28 13:04 - 2014-06-28 13:04 - 00285712 _____ () C:\WINDOWS\Minidump\062814-29718-01.dmp
2014-06-27 21:10 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140627-211035.backup
2014-06-26 13:06 - 2014-06-26 13:06 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00001362 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-26 13:05 - 2014-06-26 13:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 13:05 - 2014-06-26 13:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-26 13:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-06-26 13:02 - 2014-06-26 13:03 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chrissi\Downloads\spybot-2.3.exe
2014-06-26 12:02 - 2014-06-26 12:02 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\AVAST Software
2014-06-26 12:01 - 2014-06-26 12:02 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-06-26 12:01 - 2014-06-26 12:01 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-26 12:01 - 2014-06-26 12:01 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-26 12:01 - 2014-06-26 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-26 12:00 - 2014-06-26 12:00 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-26 11:59 - 2014-06-26 11:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-26 11:58 - 2014-06-26 11:59 - 94714880 _____ (AVAST Software) C:\Users\Chrissi\Downloads\avast_free_antivirus_setup2018.exe
2014-06-26 11:52 - 2014-06-26 11:52 - 00000416 _____ () C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2014-06-26 10:51 - 2014-06-26 10:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-26 10:50 - 2014-06-26 11:48 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-26 10:06 - 2014-06-26 10:06 - 00043608 _____ (ESET spol. s r.o.) C:\WINDOWS\system32\Drivers\ERKRmvrDrv.sys
2014-06-18 20:00 - 2014-06-19 12:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-16 14:52 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-15 18:40 - 2014-06-15 18:40 - 00000218 _____ () C:\Users\Chrissi\.recently-used.xbel
2014-06-15 12:53 - 2014-06-15 12:53 - 00026592 _____ () C:\Users\Chrissi\AppData\Local\recently-used.xbel
2014-06-13 11:40 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-13 11:40 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-13 11:40 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-13 11:40 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-13 11:40 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-13 11:40 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-13 11:40 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-13 11:40 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-13 11:40 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-13 11:40 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-13 11:40 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-13 11:40 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-13 11:40 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-13 11:40 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-13 11:40 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-13 11:40 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-13 11:40 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-13 11:40 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-13 11:39 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-13 11:39 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-13 11:39 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-13 11:39 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-13 11:39 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-13 11:39 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-13 11:39 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-13 11:39 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-13 11:39 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-13 11:39 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-13 11:39 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-13 11:39 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-13 11:39 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-13 11:39 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-13 11:39 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-13 11:39 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-13 11:39 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-13 11:39 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-13 11:39 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-13 11:39 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-13 11:39 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-13 11:39 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-06-13 11:39 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-13 11:39 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-13 11:39 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-13 11:39 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-13 11:39 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-13 11:39 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-13 11:39 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-13 11:39 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-13 11:39 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-13 11:39 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-13 11:39 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-13 11:39 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-13 11:39 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-13 11:39 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-13 11:39 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-13 11:38 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-13 11:38 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-13 11:38 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-13 11:38 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-13 11:38 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-13 11:38 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-13 11:38 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-13 11:38 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-13 11:38 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-13 11:38 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-13 11:38 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-06-13 11:38 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-13 11:38 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-13 11:38 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-13 11:38 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-13 11:38 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-13 11:38 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-13 11:38 - 2014-04-11 08:13 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-06-13 11:38 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-13 11:38 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-13 11:38 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-13 11:38 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-13 11:38 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-13 11:38 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-13 11:38 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-06-13 11:38 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-13 11:38 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-13 11:38 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-13 11:38 - 2014-04-06 18:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-13 11:38 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-13 11:38 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-13 11:38 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-13 11:38 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-13 11:38 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-13 11:38 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-13 11:38 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-13 11:38 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-13 11:38 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-13 11:38 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-06-13 11:38 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-13 11:38 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-13 11:38 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-13 11:38 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-13 11:38 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-13 11:38 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-13 11:38 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-13 11:38 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-13 11:38 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-13 11:38 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-13 11:38 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-13 11:38 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-13 11:38 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-13 11:38 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-13 11:38 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-13 11:38 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-13 11:38 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-13 11:38 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-13 11:38 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-13 11:38 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-13 11:38 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-06-13 11:38 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-13 11:38 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-13 11:38 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-13 11:38 - 2014-04-01 08:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-13 11:38 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-13 11:38 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-13 11:38 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-13 11:38 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-13 11:38 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-13 11:38 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-13 11:38 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-13 11:38 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-13 11:38 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-13 11:38 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-13 11:38 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-13 11:38 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-13 11:38 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-13 11:38 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-13 11:38 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-13 11:38 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-13 11:38 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-13 11:38 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-13 11:38 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-13 11:38 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-13 11:38 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-13 11:38 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-13 11:38 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-13 11:38 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-13 11:38 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-13 11:38 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-13 11:38 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-13 11:38 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-13 11:38 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-13 11:38 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-13 11:38 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-13 11:38 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-13 11:38 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-13 11:38 - 2014-03-18 10:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-13 11:38 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-13 11:38 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-13 11:38 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-13 11:38 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-13 11:38 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-13 11:38 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-13 11:38 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-13 11:38 - 2014-03-06 14:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-13 11:37 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-13 11:37 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-13 11:37 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-13 11:37 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-13 11:37 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-13 11:37 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf

==================== One Month Modified Files and Folders =======

2014-07-03 17:01 - 2014-07-01 11:46 - 00018506 _____ () C:\Users\Chrissi\Downloads\FRST.txt
2014-07-03 17:00 - 2014-07-01 11:46 - 00000000 ____D () C:\FRST
2014-07-03 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Chrissi\Downloads\FRST-OlderVersion
2014-07-03 16:57 - 2014-06-30 21:14 - 02083840 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-07-03 16:56 - 2014-07-03 16:56 - 00000926 _____ () C:\Users\Chrissi\Desktop\checkup.txt
2014-07-03 16:54 - 2014-07-03 16:54 - 00854390 _____ () C:\Users\Chrissi\Downloads\SecurityCheck.exe
2014-07-03 16:40 - 2013-01-19 00:19 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\VirtualStore
2014-07-03 16:38 - 2014-03-18 10:18 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Securepoint SSL VPN
2014-07-03 13:53 - 2014-07-03 13:53 - 02347384 _____ (ESET) C:\Users\Chrissi\Downloads\esetsmartinstaller_deu.exe
2014-07-03 13:45 - 2014-01-05 11:57 - 00000000 __RDO () C:\Users\Chrissi\SkyDrive
2014-07-03 13:34 - 2014-07-03 13:33 - 00464104 _____ () C:\WINDOWS\Minidump\070314-25562-01.dmp
2014-07-03 13:34 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-03 13:33 - 2014-06-28 13:04 - 616059474 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-03 13:33 - 2014-06-28 13:04 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-03 13:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-07-03 13:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-03 13:21 - 2014-01-05 01:39 - 00002562 _____ () C:\WINDOWS\diagwrn.xml
2014-07-03 13:21 - 2014-01-05 01:39 - 00001908 _____ () C:\WINDOWS\diagerr.xml
2014-07-03 13:21 - 2013-08-22 16:46 - 00000917 _____ () C:\WINDOWS\setupact.log
2014-07-03 13:21 - 2013-08-22 16:46 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-03 11:06 - 2013-01-19 00:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2289284972-2644470871-447745967-1001
2014-07-03 09:48 - 2014-01-05 02:01 - 01214366 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-03 09:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-03 08:55 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-03 08:55 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-03 08:55 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-01 22:15 - 2014-06-30 10:32 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spy Emergency
2014-07-01 12:59 - 2014-07-01 12:59 - 00027849 _____ () C:\Users\Chrissi\Desktop\Logfiles.zip
2014-07-01 12:14 - 2014-07-01 12:14 - 00016597 _____ () C:\Users\Chrissi\Desktop\gmer.log
2014-07-01 11:50 - 2014-07-01 11:56 - 00059668 _____ () C:\Users\Chrissi\Desktop\FRST.txt
2014-07-01 11:50 - 2014-07-01 11:56 - 00046025 _____ () C:\Users\Chrissi\Desktop\Addition.txt
2014-07-01 11:50 - 2014-07-01 11:49 - 00046025 _____ () C:\Users\Chrissi\Downloads\Addition.txt
2014-07-01 11:44 - 2014-07-01 11:44 - 00000476 _____ () C:\Users\Chrissi\Downloads\defogger_disable.log
2014-07-01 11:44 - 2014-07-01 11:44 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-07-01 11:44 - 2014-01-05 01:39 - 00000000 ____D () C:\Users\Chrissi
2014-06-30 22:30 - 2014-06-30 22:30 - 00000998 _____ () C:\Users\Chrissi\Desktop\AdwCleaner[S0].txt
2014-06-30 22:27 - 2013-11-14 00:18 - 00010194 _____ () C:\WINDOWS\PFRO.log
2014-06-30 22:26 - 2014-06-30 22:22 - 00000000 ____D () C:\AdwCleaner
2014-06-30 22:26 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-30 22:15 - 2014-06-30 22:15 - 00001337 _____ () C:\Users\Chrissi\Desktop\mwam-300620142215.txt
2014-06-30 21:36 - 2014-06-28 13:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 21:20 - 2014-06-30 21:20 - 00000209 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-21-20 .txt
2014-06-30 21:15 - 2014-06-30 21:15 - 00380416 _____ () C:\Users\Chrissi\Downloads\ygnflrmi.exe
2014-06-30 21:13 - 2014-06-30 21:13 - 00050477 _____ () C:\Users\Chrissi\Downloads\Defogger.exe
2014-06-30 20:58 - 2014-06-30 09:34 - 00000000 ____D () C:\ProgramData\IObit
2014-06-30 13:56 - 2014-02-03 16:42 - 00000000 ____D () C:\Program Files (x86)\FireOffice
2014-06-30 10:41 - 2014-06-30 10:41 - 00000382 _____ () C:\Users\Chrissi\Desktop\scan_2014-06-30-10-41 .txt
2014-06-30 10:32 - 2014-06-30 10:32 - 00001016 _____ () C:\Users\Public\Desktop\Spy Emergency.lnk
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\NETGATE
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
2014-06-30 10:32 - 2014-06-30 10:32 - 00000000 ____D () C:\Program Files\NETGATE
2014-06-30 09:35 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Win System
2014-06-30 09:35 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Security Systems
2014-06-30 09:34 - 2014-06-30 09:34 - 00001160 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Google
2014-06-30 09:34 - 2014-06-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\IObit
2014-06-30 09:33 - 2014-06-30 09:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-28 13:57 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-28 13:56 - 2013-09-06 22:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-28 13:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-28 13:25 - 2014-06-28 13:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chrissi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-28 13:25 - 2014-06-28 13:25 - 00001085 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 13:25 - 2014-06-28 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-28 13:04 - 2014-06-28 13:04 - 00285712 _____ () C:\WINDOWS\Minidump\062814-29718-01.dmp
2014-06-26 13:13 - 2014-06-26 13:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 13:08 - 2014-06-26 13:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-26 13:06 - 2014-06-26 13:06 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00001362 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-06-26 13:06 - 2014-06-26 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-26 13:03 - 2014-06-26 13:02 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Chrissi\Downloads\spybot-2.3.exe
2014-06-26 12:02 - 2014-06-26 12:02 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\AVAST Software
2014-06-26 12:02 - 2014-06-26 12:01 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1403776881453
2014-06-26 12:01 - 2014-06-26 12:01 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-06-26 12:01 - 2014-06-26 12:01 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-26 12:01 - 2014-06-26 12:01 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-26 12:01 - 2014-06-26 12:01 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-26 12:01 - 2014-06-26 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-26 12:00 - 2014-06-26 12:00 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-26 11:59 - 2014-06-26 11:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-26 11:59 - 2014-06-26 11:58 - 94714880 _____ (AVAST Software) C:\Users\Chrissi\Downloads\avast_free_antivirus_setup2018.exe
2014-06-26 11:52 - 2014-06-26 11:52 - 00000416 _____ () C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2014-06-26 11:50 - 2013-03-13 10:53 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-06-26 11:49 - 2013-01-19 14:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-26 11:49 - 2013-01-19 14:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\WildTangent
2014-06-26 11:49 - 2012-11-11 01:20 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-26 11:49 - 2012-11-11 01:20 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-06-26 11:48 - 2014-06-26 10:50 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-26 10:51 - 2014-06-26 10:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-26 10:45 - 2013-03-13 10:55 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-06-26 10:30 - 2014-03-27 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-26 10:06 - 2014-06-26 10:06 - 00043608 _____ (ESET spol. s r.o.) C:\WINDOWS\system32\Drivers\ERKRmvrDrv.sys
2014-06-19 12:24 - 2014-06-18 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 15:43 - 2014-02-28 13:18 - 00043371 _____ () C:\Users\Chrissi\bikeXperience.log
2014-06-15 18:40 - 2014-06-15 18:40 - 00000218 _____ () C:\Users\Chrissi\.recently-used.xbel
2014-06-15 13:27 - 2014-04-11 13:33 - 00000000 ____D () C:\Users\Chrissi\.gimp-2.8
2014-06-15 12:53 - 2014-06-15 12:53 - 00026592 _____ () C:\Users\Chrissi\AppData\Local\recently-used.xbel
2014-06-15 12:53 - 2014-04-11 13:38 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\gtk-2.0
2014-06-14 14:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-13 20:01 - 2013-01-19 00:20 - 00000891 _____ () C:\Users\Chrissi\Desktop\Downloads.lnk
2014-06-13 19:58 - 2013-08-22 16:44 - 00474344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-13 12:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-13 12:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-06-13 12:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-06-13 12:10 - 2013-01-19 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-06-13 11:23 - 2014-06-13 11:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Chrissi\AppData\Local\Temp\FoxySecure_IE_FF_12-02-2014_Version_5_Setup.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 16:46

==================== End Of Log ============================
         
--- --- ---


04.07.2014, 13:08   #10
schrauber
/// the machine
/// TB trainer
 




Update Java. Empty the Downloads folder on D.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\$Recycle.Bin
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every option.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads on its own. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.07.2014, 13:32   #11
ElCheffo

Here it is:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by Chrissi at 2014-07-04 14:31:43 Run:1
Running from C:\Users\Chrissi\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
*****************

C:\$Recycle.Bin => Moved successfully.

==== End of Fixlog ====
         

05.07.2014, 11:54   #12
schrauber
/// the machine
/// TB trainer

Done

05.07.2014, 12:31   #13
ElCheffo

Perfect!
Thank you very much for your help!!!

05.07.2014, 22:28   #14
schrauber
/// the machine
/// TB trainer

You're welcome
