Windows 7: Avast meldete Infektion durch win32:bprotect-D

05/19/2014 11:37
Prüfung aller lokalen Laufwerke

Datei C:\Program Files (x86)\Movie2KDownloader.com\M2Kextsetup.exe ist infiziert von Win32:Downloader-TPG [PUP], In Container verschoben
Datei C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader.exe ist infiziert von Win32:Downloader-TPG [PUP], In Container verschoben
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>loader.dll ist infiziert von Win32:BProtect-G [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>protector.dll ist infiziert von Win32:BProtect-D [Trj], Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[2].7z|>bprotect.exe ist infiziert von Win32:BProtect-F [Trj], Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}
Prüfung abgebrochen

Anzahl durchsuchter Ordner: 7144
Anzahl der geprüften Dateien: 213994
Anzahl infizierter Dateien: 6

----------------------------------------
05/23/2014 10:14
Prüfung aller lokalen Laufwerke

Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>loader.dll ist infiziert von Win32:BProtect-G [Trj]
Prüfung abgebrochen

Anzahl durchsuchter Ordner: 7199
Anzahl der geprüften Dateien: 214601
Anzahl infizierter Dateien: 2

----------------------------------------
05/23/2014 12:39
Prüfung aller lokalen Laufwerke

Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab|>SchedAgent_2007.bpl Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Prüfung abgebrochen

Anzahl durchsuchter Ordner: 7248
Anzahl der geprüften Dateien: 214735
Anzahl infizierter Dateien: 1

----------------------------------------
06/02/2014 22:54
Prüfung aller lokalen Laufwerke

Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab|>SchedAgent_2007.bpl Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>loader.dll ist infiziert von Win32:BProtect-G [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Prüfung abgebrochen

Anzahl durchsuchter Ordner: 6036
Anzahl der geprüften Dateien: 180411
Anzahl infizierter Dateien: 2

----------------------------------------
06/03/2014 01:37
Prüfung aller lokalen Laufwerke

Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab|>SchedAgent_2007.bpl Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Prüfung abgebrochen

Anzahl durchsuchter Ordner: 6036
Anzahl der geprüften Dateien: 180272
Anzahl infizierter Dateien: 1
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by kitty (administrator) on KITTY-TOSH on 03-06-2014 00:48:48
Running from C:\Users\kitty\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\Tor\tor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-22] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1425952 2013-02-13] (SPAMfighter ApS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-799260515-3988412925-184295380-1000\...\MountPoints2: {a97d098e-68ec-11e1-b640-806e6f6e6963} - E:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\Extensions\amznUWL2@amazon.com.xpi [2013-05-12]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-28] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 00:48 - 2014-06-03 00:49 - 00016474 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-03 00:48 - 2014-06-03 00:48 - 00000000 ____D () C:\FRST
2014-06-03 00:47 - 2014-06-03 00:48 - 02068992 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-03 00:37 - 2014-06-03 00:38 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-06-01 21:25 - 2014-06-01 21:25 - 01327971 _____ () C:\Users\kitty\Desktop\adwcleaner_3.211.exe
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 11:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 11:24 - 2014-06-03 00:04 - 00000000 ____D () C:\AdwCleaner
2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software
2014-05-23 09:31 - 2014-05-23 09:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-23 09:29 - 2014-05-23 09:45 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat
2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-22 23:55 - 2014-06-01 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-19 12:38 - 2014-05-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 00:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:16 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:16 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:15 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 20:15 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 20:15 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:15 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:15 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:14 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:14 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:14 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:14 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-08 13:47 - 2014-05-08 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-08 13:47 - 2014-05-08 13:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-05 14:32 - 2014-05-05 14:32 - 00000788 _____ () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker at bet365.lnk
2014-05-05 14:31 - 2014-05-05 14:31 - 00000000 ____D () C:\Poker

==================== One Month Modified Files and Folders =======

2014-06-03 00:49 - 2014-06-03 00:48 - 00016474 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-03 00:49 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty\AppData\Local\Temp
2014-06-03 00:48 - 2014-06-03 00:48 - 00000000 ____D () C:\FRST
2014-06-03 00:48 - 2014-06-03 00:47 - 02068992 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-03 00:45 - 2012-06-02 16:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 00:38 - 2014-06-03 00:37 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:37 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-06-03 00:21 - 2013-07-01 00:03 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 00:16 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 00:16 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 00:10 - 2012-03-08 08:49 - 01809285 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 00:06 - 2012-06-03 11:51 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-03 00:05 - 2013-07-20 20:53 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job
2014-06-03 00:05 - 2013-07-01 00:03 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 00:05 - 2010-11-21 05:47 - 00269644 _____ () C:\Windows\PFRO.log
2014-06-03 00:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 00:05 - 2009-07-14 06:51 - 00102172 _____ () C:\Windows\setupact.log
2014-06-03 00:04 - 2014-05-23 11:24 - 00000000 ____D () C:\AdwCleaner
2014-06-02 23:49 - 2012-07-07 09:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-02 23:49 - 2012-06-28 18:16 - 01942016 ___SH () C:\Users\kitty\Desktop\Thumbs.db
2014-06-02 23:31 - 2013-01-30 22:20 - 00000000 ____D () C:\ProgramData\AAV
2014-06-02 14:40 - 2010-11-21 08:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-02 14:40 - 2010-11-21 08:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-02 14:40 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 23:33 - 2012-06-02 15:42 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-01 21:25 - 2014-06-01 21:25 - 01327971 _____ () C:\Users\kitty\Desktop\adwcleaner_3.211.exe
2014-06-01 21:23 - 2014-05-22 23:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-23 14:08 - 2011-08-22 11:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:16 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-05-23 14:00 - 2011-08-22 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 13:22 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-23 13:22 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 13:17 - 2013-12-18 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:12 - 2013-04-11 00:05 - 00000000 ____D () C:\Users\kitty\AppData\Roaming\Amazon
2014-05-23 13:12 - 2013-04-11 00:04 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-23 13:12 - 2012-06-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software
2014-05-23 09:45 - 2014-05-23 09:29 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-23 09:39 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat
2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-22 23:40 - 2012-06-02 16:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 23:40 - 2012-06-02 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 23:40 - 2012-06-02 16:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 23:38 - 2012-06-02 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-22 10:58 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-19 11:19 - 2012-10-25 00:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 11:15 - 2013-07-23 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-19 11:13 - 2012-06-02 15:24 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 11:13 - 2012-06-02 15:19 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 11:08 - 2014-04-28 10:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 00:02 - 2012-06-04 22:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 13:48 - 2013-12-27 23:20 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 13:48 - 2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 13:48 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-09 14:16 - 2013-07-01 00:03 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 14:16 - 2013-07-01 00:03 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-15 20:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 20:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 13:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 13:47 - 2014-05-08 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-08 13:47 - 2014-05-08 13:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-08 13:47 - 2013-03-14 19:18 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-08 13:47 - 2013-03-14 19:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-08 13:47 - 2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399895288227
2014-05-08 13:47 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399895288227
2014-05-08 13:47 - 2012-06-03 12:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-08 13:47 - 2012-06-03 12:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-08 13:47 - 2012-06-03 12:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 06:40 - 2014-05-16 00:33 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 00:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 00:33 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 00:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 00:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 00:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 14:32 - 2014-05-05 14:32 - 00000788 _____ () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker at bet365.lnk
2014-05-05 14:31 - 2014-05-05 14:31 - 00000000 ____D () C:\Poker
2014-05-05 14:10 - 2013-12-23 20:26 - 00000056 _____ () C:\Users\kitty\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\Users\kitty\vlc-2.1.2-win32.exe


Some content of TEMP:
====================
C:\Users\kitty\AppData\Local\Temp\appshat-distribution.exe
C:\Users\kitty\AppData\Local\Temp\bi_cleaner.exe
C:\Users\kitty\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\kitty\AppData\Local\Temp\Delta.exe
C:\Users\kitty\AppData\Local\Temp\DeltaTB.exe
C:\Users\kitty\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\kitty\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\kitty\AppData\Local\Temp\ja-k7axn.dll
C:\Users\kitty\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kitty\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kitty\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kitty\AppData\Local\Temp\jrnidyin.dll
C:\Users\kitty\AppData\Local\Temp\MGS35FD.exe
C:\Users\kitty\AppData\Local\Temp\MGS5D99.DLL
C:\Users\kitty\AppData\Local\Temp\MGS76F3.DLL
C:\Users\kitty\AppData\Local\Temp\MGS9CF.exe
C:\Users\kitty\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\kitty\AppData\Local\Temp\MybabylonTB.exe
C:\Users\kitty\AppData\Local\Temp\OfficeSetup.exe
C:\Users\kitty\AppData\Local\Temp\propsys.dll
C:\Users\kitty\AppData\Local\Temp\Quarantine.exe
C:\Users\kitty\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\kitty\AppData\Local\Temp\SHSetup.exe
C:\Users\kitty\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kitty\AppData\Local\Temp\uninst1.exe
C:\Users\kitty\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\kitty\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-16 00:34

==================== End Of Log ============================
         

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by kitty at 2014-06-03 00:50:18
Running from C:\Users\kitty\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Media Foundation Decoders (Version: 1.0.60628.2255 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - Ihr Firmenname) Hidden
ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version:  - Microsoft)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker at bet365 (HKCU\...\bet365poker) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.30.1019.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6241 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.7.52 - SPAMfighter ApS.)
SLOW-PCfighter (Version: 1.7.52 - SPAMfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.16.0 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{F52618B2-A995-4F8D-A6C8-9E235A470C68}) (Version: 8.0.36 - TOSHIBA CORPORATION)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.34C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.34C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.5.7 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 1.1.5.7 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

28-04-2014 08:13:02 Windows Update
28-04-2014 08:26:14 Windows Update
28-04-2014 08:45:10 Windows Update
28-04-2014 09:16:25 Windows Update
28-04-2014 09:22:35 Windows Update
06-05-2014 08:46:52 Windows Update
19-05-2014 09:22:09 Windows Update
23-05-2014 07:31:13 Windows Update
23-05-2014 11:14:12 Removed HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
23-05-2014 11:16:22 Removed HP Update.
23-05-2014 11:19:57 Removed Java(TM) 6 Update 20
23-05-2014 11:24:08 Removed Microsoft Silverlight
23-05-2014 11:27:45 Removed PDF Architect
23-05-2014 11:31:17 Removed SpyHunter
23-05-2014 11:54:30 Steuer-Spar-Erklärung 2013 wurde entfernt.
23-05-2014 11:57:40 Konfiguriert TOSHIBA Bulletin Board
23-05-2014 12:05:41 Removed TOSHIBA Disc Creator
23-05-2014 12:07:32 Removed TOSHIBA TEMPRO
01-06-2014 19:20:44 Removed SpyHunter
01-06-2014 19:26:29 Windows Update
01-06-2014 19:40:26 SLOW-PCfighter (64-bit) Backup
02-06-2014 21:30:38 Removed AAVUpdateManager.

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A81A88A-DED8-430F-B2AE-4306D4451D29} - System32\Tasks\SLOW-PCfighter64-kitty-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-02-25] (SPAMfighter ApS)
Task: {3266498F-225C-4981-B474-C3A939B62BAC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-22] (Microsoft Corporation)
Task: {506CE264-6677-49DF-93CF-90FE40422E24} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {69986ACF-D0BE-46DD-980A-70DCC62EFC11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08] (AVAST Software)
Task: {82EC200F-DACD-4989-9911-50F2984B3C93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {958FA99F-9322-4BC3-B40E-9796E5C0F5C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {989C2EFE-FBCD-425D-8337-854DD9956A83} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {C6A84BEA-68DE-4446-95DF-4BFFCD7BC84D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated)
Task: {EC0DCBF2-E14E-4504-8545-CD8C7B390BED} - \DealPly No Task File <==== ATTENTION
Task: {F3E8B627-B55D-4E65-89BF-0612AC81F1CF} - System32\Tasks\{F25A7CF2-5E07-4815-A965-5DC9C1B6A214} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {F66E63DE-2B3C-4127-85AC-F4C5D6BD5755} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 20:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-15 11:02 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-28 10:49 - 2013-08-28 10:49 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2010-10-28 15:27 - 2010-10-28 15:27 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-08-22 11:10 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2011-06-29 00:38 - 2011-06-29 00:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 11:17 - 2011-03-22 11:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-02 22:39 - 2014-06-02 22:39 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14060201\algo.dll
2013-12-14 14:47 - 2013-12-14 14:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-19 12:38 - 2014-05-19 12:38 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 00:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 10:35:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 10:35:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 09:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 09:29:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 09:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 02:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 02:17:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2014 00:06:36 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.23192.168.137.0255.255.255.0

Error: (06/03/2014 00:06:36 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (06/03/2014 00:06:27 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/03/2014 00:05:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/03/2014 00:05:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (06/03/2014 00:04:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/02/2014 11:50:00 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.23192.168.137.0255.255.255.0

Error: (06/02/2014 11:49:59 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (06/02/2014 11:49:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/02/2014 11:49:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (06/03/2014 00:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 10:35:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 10:35:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 09:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 09:29:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 09:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 02:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 02:17:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 3691.64 MB
Available physical RAM: 2167.61 MB
Total Pagefile: 7381.45 MB
Available Pagefile: 5581.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:172.28 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:202.76 GB) NTFS
Drive e: (DSII_1) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 41D68339)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================