Entschuldigung. Das habe ich nach dem ganzen Scannen wieder vergessen. Tut mir leid für die Umstände und danke fürs drauf hin weisen. Hier dann die Logfiles hoffentlich richtig.
Hab jetzt jedes File in einen Extra Code
deflogger_disable: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:40 on 17/03/2014 (Miri)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Miri (administrator) on WINGDING on 17-03-2014 12:45:21
Running from C:\Users\Miri\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" /run:"C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [Spotify Web Helper] - C:\Users\Miri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-04] (Spotify Ltd)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [LMab1err] - C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [LMADEmon] - C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Miri\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=b4bdcd7fad7047d29d21a11d94fc8cce-6768baf0004c30faa8e78a910e0afa985fce73b6 /CMPID=1213b
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1659703965-2282130268-2058980726-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {84A97557-A480-4609-9E3C-7962DC3D17D5} URL =
SearchScopes: HKCU - {84A97557-A480-4609-9E3C-7962DC3D17D5} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default
FF user.js: detected! => C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\user.js
FF Homepage: about:home
FF NetworkProxy: "ftp", "213.133.141.197"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "213.133.141.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "213.133.141.197"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "213.133.141.197"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Premiumize.me - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-01-07]
FF Extension: Stealthy - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\stealthyextension@gmail.com.xpi [2013-01-22]
FF Extension: NoScript - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-03]
FF Extension: Adblock Plus - C:\Users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\6evd5p9p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S4 gzserv; "C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe" /service [X]
==================== Drivers (Whitelisted) ====================
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-20] (Emsisoft GmbH)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\EEK\RUN\cleanhlp64.sys [57024 2014-03-15] (Emsisoft GmbH)
S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2014-01-23] ()
S4 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-04] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-17 12:45 - 2014-03-17 12:45 - 00017843 _____ () C:\Users\Miri\Desktop\FRST.txt
2014-03-17 12:45 - 2014-03-17 12:45 - 00000000 ____D () C:\FRST
2014-03-17 12:40 - 2014-03-17 12:40 - 00000470 _____ () C:\Users\Miri\Desktop\defogger_disable.log
2014-03-17 12:40 - 2014-03-17 12:40 - 00000000 _____ () C:\Users\Miri\defogger_reenable
2014-03-17 12:38 - 2014-03-17 12:38 - 00015500 _____ () C:\Users\Miri\Documents\trojanerboard.odt
2014-03-17 12:35 - 2014-03-17 12:35 - 00380416 _____ () C:\Users\Miri\Desktop\Gmer-19357.exe
2014-03-17 12:34 - 2014-03-17 12:34 - 02157056 _____ (Farbar) C:\Users\Miri\Desktop\FRST64.exe
2014-03-17 12:33 - 2014-03-17 12:33 - 00050477 _____ () C:\Users\Miri\Desktop\Defogger.exe
2014-03-15 13:20 - 2014-03-15 13:20 - 00010250 _____ () C:\EamClean.log
2014-03-15 10:30 - 2014-03-15 10:30 - 00000000 ____D () C:\Users\Miri\AppData\Local\Skype
2014-03-15 10:29 - 2014-03-15 10:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 13:59 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 13:59 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 13:59 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 11:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 11:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 11:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 11:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 11:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 11:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 11:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 11:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 11:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 11:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 11:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 11:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 11:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 11:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 11:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 11:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 11:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 11:41 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 11:41 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 11:41 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 11:41 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 11:41 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 11:40 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 11:40 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 11:40 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 11:40 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 11:40 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 11:40 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 11:40 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 11:40 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 11:40 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 11:40 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 11:40 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 11:40 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 11:40 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 11:40 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 11:40 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 11:40 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 11:40 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 11:40 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 11:40 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 11:40 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 11:40 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 11:40 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 11:40 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 11:40 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 11:40 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 11:40 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 11:40 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 11:40 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 11:40 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 11:40 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 11:40 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 11:40 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-11 19:25 - 2014-03-11 19:25 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-08 00:18 - 2014-01-23 04:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-03-08 00:18 - 2014-01-23 04:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-03-08 00:14 - 2014-01-23 10:22 - 00233472 _____ (Teruten) C:\WINDOWS\SysWOW64\FsUsbExService.Exe
2014-03-08 00:14 - 2014-01-23 10:22 - 00037344 _____ () C:\WINDOWS\SysWOW64\FsUsbExDisk.Sys
2014-03-08 00:14 - 2012-12-18 10:08 - 00110592 _____ () C:\WINDOWS\SysWOW64\FsUsbExDevice.Dll
2014-03-08 00:12 - 2014-03-08 00:12 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-08 00:11 - 2014-03-08 00:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-06 23:00 - 2014-03-06 23:00 - 00017475 _____ () C:\WINDOWS\DirectX.log
2014-03-06 23:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\Users\Miri\Documents\My Games
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\ProgramData\Steam
2014-03-06 22:35 - 2014-03-06 22:35 - 00002291 _____ () C:\Users\Miri\Desktop\South Park Der Stab der Wahrheit.lnk
2014-03-06 22:32 - 2014-03-06 22:35 - 00000000 ____D () C:\Program Files (x86)\South Park Der Stab der Wahrheit
2014-03-05 16:11 - 2014-03-05 16:11 - 00019722 _____ () C:\Users\Miri\Documents\fazit.odt
2014-03-03 15:46 - 2014-03-03 15:46 - 00021840 _____ () C:\WINDOWS\SysWOW64\SIntfNT.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00017212 _____ () C:\WINDOWS\SysWOW64\SIntf32.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00012067 _____ () C:\WINDOWS\SysWOW64\SIntf16.dll
2014-03-03 15:45 - 2014-03-03 15:45 - 00003034 _____ () C:\WINDOWS\System32\Tasks\{9B765944-D9BC-44F5-AE9B-B3ADE531A5F6}
2014-03-03 15:36 - 2014-03-03 15:36 - 00001660 _____ () C:\Users\Public\Desktop\Empire Earth.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000224 _____ () C:\WINDOWS\SIERRA.INI
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Sierra
2014-03-02 22:04 - 2014-03-02 22:04 - 01630353 _____ () C:\Users\Miri\Documents\casta.wma
2014-03-01 15:56 - 2014-03-01 21:27 - 00000000 ____D () C:\Users\Miri\Downloads\Conan
2014-02-28 14:14 - 2014-02-28 14:25 - 00000000 ____D () C:\Users\Miri\Downloads\cutmp
2014-02-28 14:14 - 2014-02-28 14:14 - 00000896 _____ () C:\Users\Miri\Desktop\mp3DirectCut.lnk
2014-02-28 14:13 - 2014-02-28 14:13 - 00300850 _____ () C:\Users\Miri\Downloads\mp3DC219.exe
2014-02-26 20:43 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\sMedio
2014-02-16 12:42 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 12:42 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 12:42 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 12:42 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 12:42 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 12:42 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 12:42 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 12:42 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 12:42 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 12:42 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 12:42 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 12:42 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 12:42 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 12:42 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 12:42 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 12:42 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 12:42 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 12:42 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 12:42 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 12:42 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 12:42 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 12:42 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 12:42 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 12:42 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 12:42 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 12:42 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 12:42 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 12:42 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 12:42 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 12:42 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 12:42 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 12:42 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 12:42 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 12:42 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 12:42 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 12:42 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 12:42 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 12:42 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 12:42 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 12:42 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 12:42 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 12:42 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 12:42 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 12:42 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 12:42 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 12:42 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-15 14:13 - 2014-02-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-03-17 12:45 - 2014-03-17 12:45 - 00017843 _____ () C:\Users\Miri\Desktop\FRST.txt
2014-03-17 12:45 - 2014-03-17 12:45 - 00000000 ____D () C:\FRST
2014-03-17 12:40 - 2014-03-17 12:40 - 00000470 _____ () C:\Users\Miri\Desktop\defogger_disable.log
2014-03-17 12:40 - 2014-03-17 12:40 - 00000000 _____ () C:\Users\Miri\defogger_reenable
2014-03-17 12:40 - 2013-12-04 12:50 - 00000000 ____D () C:\Users\Miri
2014-03-17 12:40 - 2013-03-17 11:26 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Skype
2014-03-17 12:39 - 2013-12-19 20:20 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5D406B9-606A-4A21-9A79-149A166845F4}
2014-03-17 12:38 - 2014-03-17 12:38 - 00015500 _____ () C:\Users\Miri\Documents\trojanerboard.odt
2014-03-17 12:38 - 2014-02-03 12:18 - 01562860 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 12:35 - 2014-03-17 12:35 - 00380416 _____ () C:\Users\Miri\Desktop\Gmer-19357.exe
2014-03-17 12:35 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-17 12:35 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-17 12:35 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-17 12:34 - 2014-03-17 12:34 - 02157056 _____ (Farbar) C:\Users\Miri\Desktop\FRST64.exe
2014-03-17 12:33 - 2014-03-17 12:33 - 00050477 _____ () C:\Users\Miri\Desktop\Defogger.exe
2014-03-17 12:26 - 2014-01-12 11:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-17 12:25 - 2013-04-21 17:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-17 12:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-16 23:14 - 2012-12-03 23:16 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\Spotify
2014-03-16 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-15 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-15 13:31 - 2012-12-03 11:32 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1659703965-2282130268-2058980726-1001
2014-03-15 13:21 - 2014-02-12 14:20 - 00005801 _____ () C:\WINDOWS\setupact.log
2014-03-15 13:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-15 13:20 - 2014-03-15 13:20 - 00010250 _____ () C:\EamClean.log
2014-03-15 13:20 - 2014-02-13 00:15 - 00006644 _____ () C:\WINDOWS\PFRO.log
2014-03-15 13:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-15 10:30 - 2014-03-15 10:30 - 00000000 ____D () C:\Users\Miri\AppData\Local\Skype
2014-03-15 10:30 - 2013-03-17 11:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 10:29 - 2014-03-15 10:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 10:27 - 2013-08-22 15:44 - 00400800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 00:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 00:36 - 2013-02-24 01:03 - 00016110 _____ () C:\Users\Miri\Documents\weblogyoutube.odt
2014-03-13 22:36 - 2012-12-03 23:16 - 00000000 ____D () C:\Users\Miri\AppData\Local\Spotify
2014-03-13 21:38 - 2013-11-26 18:31 - 00000000 ____D () C:\Users\Miri\AppData\Local\PMB Files
2014-03-13 21:38 - 2013-11-26 18:31 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-03-12 11:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 11:40 - 2014-01-12 11:13 - 00001008 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-11 19:25 - 2014-03-11 19:25 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 19:25 - 2013-04-21 17:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 19:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-08 20:57 - 2013-01-12 10:43 - 00000000 ____D () C:\Users\Miri\Documents\ao3
2014-03-08 00:32 - 2012-12-03 12:15 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\vlc
2014-03-08 00:30 - 2013-02-03 12:30 - 00000000 ____D () C:\Users\Miri\Documents\SelfMV
2014-03-08 00:17 - 2013-12-04 12:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-03-08 00:12 - 2014-03-08 00:12 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-03-08 00:11 - 2014-03-08 00:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-06 23:00 - 2014-03-06 23:00 - 00017475 _____ () C:\WINDOWS\DirectX.log
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\Users\Miri\Documents\My Games
2014-03-06 22:58 - 2014-03-06 22:58 - 00000000 ____D () C:\ProgramData\Steam
2014-03-06 22:35 - 2014-03-06 22:35 - 00002291 _____ () C:\Users\Miri\Desktop\South Park Der Stab der Wahrheit.lnk
2014-03-06 22:35 - 2014-03-06 22:32 - 00000000 ____D () C:\Program Files (x86)\South Park Der Stab der Wahrheit
2014-03-06 02:23 - 2013-12-26 14:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-05 16:11 - 2014-03-05 16:11 - 00019722 _____ () C:\Users\Miri\Documents\fazit.odt
2014-03-04 23:53 - 2013-12-12 17:44 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-12-12 17:44 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 15:46 - 2014-03-03 15:46 - 00021840 _____ () C:\WINDOWS\SysWOW64\SIntfNT.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00017212 _____ () C:\WINDOWS\SysWOW64\SIntf32.dll
2014-03-03 15:46 - 2014-03-03 15:46 - 00012067 _____ () C:\WINDOWS\SysWOW64\SIntf16.dll
2014-03-03 15:45 - 2014-03-03 15:45 - 00003034 _____ () C:\WINDOWS\System32\Tasks\{9B765944-D9BC-44F5-AE9B-B3ADE531A5F6}
2014-03-03 15:36 - 2014-03-03 15:36 - 00001660 _____ () C:\Users\Public\Desktop\Empire Earth.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000224 _____ () C:\WINDOWS\SIERRA.INI
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Sierra
2014-03-03 15:33 - 2012-09-10 21:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 22:04 - 2014-03-02 22:04 - 01630353 _____ () C:\Users\Miri\Documents\casta.wma
2014-03-01 21:27 - 2014-03-01 15:56 - 00000000 ____D () C:\Users\Miri\Downloads\Conan
2014-03-01 07:05 - 2014-03-12 11:41 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 11:41 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 11:41 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 11:41 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 11:41 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 11:41 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 11:41 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 11:41 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 11:41 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 11:41 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 11:41 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 11:41 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 11:41 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 11:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 11:41 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 11:41 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 11:41 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 14:48 - 2012-12-03 20:26 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\dvdcss
2014-02-28 14:25 - 2014-02-28 14:14 - 00000000 ____D () C:\Users\Miri\Downloads\cutmp
2014-02-28 14:14 - 2014-02-28 14:14 - 00000896 _____ () C:\Users\Miri\Desktop\mp3DirectCut.lnk
2014-02-28 14:13 - 2014-02-28 14:13 - 00300850 _____ () C:\Users\Miri\Downloads\mp3DC219.exe
2014-02-26 21:28 - 2013-09-12 19:26 - 00000000 ____D () C:\Users\Miri\Documents\Neuer Ordner
2014-02-26 20:43 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Miri\AppData\Roaming\sMedio
2014-02-17 16:18 - 2012-12-03 11:26 - 00000000 ___RD () C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 16:18 - 2012-12-03 11:26 - 00000000 ___RD () C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 16:09 - 2012-12-03 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 16:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-16 13:04 - 2013-08-15 23:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 13:02 - 2012-12-12 12:32 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-15 14:13 - 2014-02-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
Files to move or delete:
====================
C:\Users\Miri\AppData\Roaming\CamLayout.ini
C:\Users\Miri\AppData\Roaming\CamShapes.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 11:40] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-03-15 13:31
==================== End Of Log ============================ --- --- ---
--- --- ---
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Miri at 2014-03-17 12:45:59
Running from C:\Users\Miri\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{5FD4B351-1567-426F-AEB4-08F41E3FA6C5}) (Version: 0.9.31 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.5 - Fomanu AG)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Harveys neue Augen Special Edition (HKLM-x32\...\Harveys neue Augen Special Edition) (Version: 1.3 - Daedalic Entertainment)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
ISOBuddy (HKLM-x32\...\ISOBuddy) (Version: - )
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lexmark S310 Series Deinstallationsprogamm (HKLM\...\Lexmark S310 Series) (Version: - Lexmark International, Inc.)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nero BackItUp (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.12600 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14800.0.48 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17600.2.3 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.14001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.16800 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.1000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.7002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00) (Version: - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
28-02-2014 17:13:37 Geplanter Prüfpunkt
03-03-2014 14:32:34 Installiert Empire Earth
06-03-2014 21:58:27 DirectX wurde installiert
14-03-2014 18:18:25 Windows Update
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {009BADEE-9088-47E6-BA90-87B717A871DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {407623CB-7CC1-436A-8B31-C36B9ACFDD39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {66E62ACD-3729-4601-923C-80A7A03572C0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC2B4F12-B0FE-4020-8277-CEF6BC72BF7B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {EF480173-AF48-44F1-B4A9-4C1247D4F06B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2011-10-13 22:38 - 2011-10-13 22:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-03-20 12:47 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 08:11 - 2012-07-31 08:11 - 00024576 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2014-03-07 15:46 - 2014-03-07 15:46 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll
2014-03-07 15:47 - 2014-03-07 15:47 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\351e47290edcd65f27c75470c1ea6cd2\Windows.Data.ni.dll
2014-02-14 11:20 - 2014-02-14 11:20 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-27 15:48 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-03-20 12:47 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S310 Series\lmabdrs.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2014-02-15 14:13 - 2014-02-15 14:13 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Miri\Downloads\avg_free_x64_all_2014_4259a6848.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\avira_free_antivirus_de.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\FreeYouTubeDownload.exe:BDU
AlternateDataStreams: C:\Users\Miri\Downloads\FreeYouTubeToMP3Converter.exe:BDU
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4078
Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4078
Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2812
Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2812
Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2014 09:29:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453
System errors:
=============
Error: (03/17/2014 00:22:15 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/17/2014 00:40:27 AM) (Source: DCOM) (User: WingDing)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Microsoft Office Sessions:
=========================
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5484
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5484
Error: (03/16/2014 09:29:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4078
Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4078
Error: (03/16/2014 09:29:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2812
Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2812
Error: (03/16/2014 09:29:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2014 09:29:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453
CodeIntegrity Errors:
===================================
Date: 2014-03-08 00:15:00.175
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-03-08 00:14:58.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-03-08 00:14:54.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-03-08 00:14:51.964
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-03-08 00:14:49.907
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3977.22 MB
Available physical RAM: 2486.32 MB
Total Pagefile: 5129.22 MB
Available Pagefile: 3272.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: (TI30992300A) (Fixed) (Total:454.95 GB) (Free:333.83 GB) NTFS
Drive d: (Airy Aster) (Fixed) (Total:931.51 GB) (Free:289.82 GB) NTFS
Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.09 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5567C182)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================ GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-17 13:11:06
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD050 rev.AX003M 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Miri\AppData\Local\Temp\pxriqpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffbfaf2169a 4 bytes [F2, FA, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffbfaf216a2 4 bytes [F2, FA, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffbfaf2181a 4 bytes [F2, FA, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4252] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffbfaf21832 4 bytes [F2, FA, FB, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4976] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffbdf8e1f6a 4 bytes [8E, DF, FB, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4976] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffbdf8e1f82 4 bytes [8E, DF, FB, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [936:960] fffff960008f64d0
Thread C:\WINDOWS\system32\svchost.exe [1540:3020] 00007ffbf1e31584
Thread C:\WINDOWS\system32\svchost.exe [1540:3048] 00007ffbf1a91b30
Thread C:\WINDOWS\system32\svchost.exe [1540:3300] 00007ffbf1574608
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- |