Log analysis and evaluation: Windows 7: Avast reported an infection by win32:bprotect-D

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.06.2014, 23:15 | #1
Windows 7: Avast reported an infection by win32:bprotect-D

Hello, for a few days now I have been fighting one (or several) trojans. On 23.05. Avast reported the trojan win32:bprotect-D. I then ran a full scan followed by a boot-time scan. The infected/faulty files could neither be repaired nor moved to quarantine; every time I got error 42111 (this action is not supported for this type of archive). I left the laptop alone for a few days and tried to get advice from acquaintances. One of them recommended ADWcleaner. So I downloaded it, let it run, and it reported several errors/trojans/adware, which were apparently moved to quarantine or deleted. New scan and lo and behold: bprotect-D, among others, is still there. Now I have hopefully, as described in the preliminary instructions, collected the logs you need. I will start with the Avast log and then the first requested FRST log.

Code:
05/19/2014 11:37 Prüfung aller lokalen Laufwerke
Datei C:\Program Files (x86)\Movie2KDownloader.com\M2Kextsetup.exe ist infiziert von Win32:Downloader-TPG [PUP], In Container verschoben
Datei C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader.exe ist infiziert von Win32:Downloader-TPG [PUP], In Container verschoben
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>loader.dll ist infiziert von Win32:BProtect-G [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>protector.dll ist infiziert von Win32:BProtect-D [Trj], Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[2].7z|>bprotect.exe ist infiziert von Win32:BProtect-F [Trj], Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}
Prüfung abgebrochen
Anzahl durchsuchter Ordner: 7144
Anzahl der geprüften Dateien: 213994
Anzahl infizierter Dateien: 6
----------------------------------------
05/23/2014 10:14 Prüfung aller lokalen Laufwerke
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>loader.dll ist infiziert von Win32:BProtect-G [Trj]
Prüfung abgebrochen
Anzahl durchsuchter Ordner: 7199
Anzahl der geprüften Dateien: 214601
Anzahl infizierter Dateien: 2
----------------------------------------
05/23/2014 12:39 Prüfung aller lokalen Laufwerke
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab|>SchedAgent_2007.bpl Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Reparieren: Fehler 42060 {Die Datei wurde nicht repariert.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Prüfung abgebrochen
Anzahl durchsuchter Ordner: 7248
Anzahl der geprüften Dateien: 214735
Anzahl infizierter Dateien: 1
----------------------------------------
06/02/2014 22:54 Prüfung aller lokalen Laufwerke
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab|>SchedAgent_2007.bpl Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}, Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>loader.dll ist infiziert von Win32:BProtect-G [Trj], Löschen: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Prüfung abgebrochen
Anzahl durchsuchter Ordner: 6036
Anzahl der geprüften Dateien: 180411
Anzahl infizierter Dateien: 2
----------------------------------------
06/03/2014 01:37 Prüfung aller lokalen Laufwerke
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab|>SchedAgent_2007.bpl Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\OpenCandy\C025FDA40EE948EC9460EC42417BA447\TuneUpUtilities2013-2200217-p2v1.exe.vir|>[Embedded_I#015b98]|>[Embedded_R#MSI]|>TUU.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\Users\kitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RZOZLS0\pack[1].7z|>bprotect.exe ist infiziert von Win32:BProtect-D [Trj], In Container verschieben: Fehler 42111 {Diese Aktion wird für diese Art von Archiven nicht unterstützt.}
Prüfung abgebrochen
Anzahl durchsuchter Ordner: 6036
Anzahl der geprüften Dateien: 180272
Anzahl infizierter Dateien: 1

FRST log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by kitty (administrator) on KITTY-TOSH on 03-06-2014 00:48:48
Running from C:\Users\kitty\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\Tor\tor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-22] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1425952 2013-02-13] (SPAMfighter ApS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-23] (AVAST Software)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-799260515-3988412925-184295380-1000\...\MountPoints2: {a97d098e-68ec-11e1-b640-806e6f6e6963} - E:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\Extensions\amznUWL2@amazon.com.xpi [2013-05-12]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-28] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-03 00:48 - 2014-06-03 00:49 - 00016474 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-03 00:48 - 2014-06-03 00:48 - 00000000 ____D () C:\FRST
2014-06-03 00:47 - 2014-06-03 00:48 - 02068992 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-03 00:37 - 2014-06-03 00:38 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-06-01 21:25 - 2014-06-01 21:25 - 01327971 _____ () C:\Users\kitty\Desktop\adwcleaner_3.211.exe
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 11:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 11:24 - 2014-06-03 00:04 - 00000000 ____D () C:\AdwCleaner
2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software
2014-05-23 09:31 - 2014-05-23 09:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-23 09:29 - 2014-05-23 09:45 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat
2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-22 23:55 - 2014-06-01 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-19 12:38 - 2014-05-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 00:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:16 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:16 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:15 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 20:15 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 20:15 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:15 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:15 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:14 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:14 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:14 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:14 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-08 13:47 - 2014-05-08 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-08 13:47 - 2014-05-08 13:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-05 14:32 - 2014-05-05 14:32 - 00000788 _____ () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker at bet365.lnk
2014-05-05 14:31 - 2014-05-05 14:31 - 00000000 ____D () C:\Poker

==================== One Month Modified Files and Folders =======

2014-06-03 00:49 - 2014-06-03 00:48 - 00016474 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-03 00:49 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty\AppData\Local\Temp
2014-06-03 00:48 - 2014-06-03 00:48 - 00000000 ____D () C:\FRST
2014-06-03 00:48 - 2014-06-03 00:47 - 02068992 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-03 00:45 - 2012-06-02 16:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 00:38 - 2014-06-03 00:37 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:37 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-06-03 00:21 - 2013-07-01 00:03 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 00:16 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 00:16 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 00:10 - 2012-03-08 08:49 - 01809285 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 00:06 - 2012-06-03 11:51 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-03 00:05 - 2013-07-20 20:53 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job
2014-06-03 00:05 - 2013-07-01 00:03 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 00:05 - 2010-11-21 05:47 - 00269644 _____ () C:\Windows\PFRO.log
2014-06-03 00:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 00:05 - 2009-07-14 06:51 - 00102172 _____ () C:\Windows\setupact.log
2014-06-03 00:04 - 2014-05-23 11:24 - 00000000 ____D () C:\AdwCleaner
2014-06-02 23:49 - 2012-07-07 09:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-02 23:49 - 2012-06-28 18:16 - 01942016 ___SH () C:\Users\kitty\Desktop\Thumbs.db
2014-06-02 23:31 - 2013-01-30 22:20 - 00000000 ____D () C:\ProgramData\AAV
2014-06-02 14:40 - 2010-11-21 08:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-02 14:40 - 2010-11-21 08:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-02 14:40 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 23:33 - 2012-06-02 15:42 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-01 21:25 - 2014-06-01 21:25 - 01327971 _____ () C:\Users\kitty\Desktop\adwcleaner_3.211.exe
2014-06-01 21:23 - 2014-05-22 23:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-23 14:08 - 2011-08-22 11:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:16 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-05-23 14:00 - 2011-08-22 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 13:22 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-23 13:22 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 13:17 - 2013-12-18 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:12 - 2013-04-11 00:05 - 00000000 ____D () C:\Users\kitty\AppData\Roaming\Amazon
2014-05-23 13:12 - 2013-04-11 00:04 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-23 13:12 - 2012-06-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software 2014-05-23 09:45 - 2014-05-23 09:29 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-05-23 09:39 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\TEMP 2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses 2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat 2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-22 23:40 - 2012-06-02 16:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-22 23:40 - 2012-06-02 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-22 23:40 - 2012-06-02 16:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-22 23:38 - 2012-06-02 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-22 10:58 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-05-19 11:19 - 2012-10-25 00:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-19 11:15 - 2013-07-23 17:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-19 11:13 - 2012-06-02 15:24 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-19 11:13 - 2012-06-02 15:19 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-19 11:08 - 2014-04-28 10:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 00:02 - 2012-06-04 22:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-12 13:48 - 2013-12-27 23:20 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-12 13:48 - 
2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-12 13:48 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-09 14:16 - 2013-07-01 00:03 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 14:16 - 2013-07-01 00:03 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-15 20:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 20:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 13:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-08 13:47 - 2014-05-08 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-08 13:47 - 2014-05-08 13:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-08 13:47 - 2013-03-14 19:18 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-08 13:47 - 2013-03-14 19:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-08 13:47 - 2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399895288227 2014-05-08 13:47 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399895288227 2014-05-08 13:47 - 2012-06-03 12:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-08 13:47 - 2012-06-03 12:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-08 13:47 - 2012-06-03 12:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-06 06:40 - 2014-05-16 00:33 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-16 00:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-16 00:33 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 
05:07 - 2014-05-16 00:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 00:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 00:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 14:32 - 2014-05-05 14:32 - 00000788 _____ () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker at bet365.lnk
2014-05-05 14:31 - 2014-05-05 14:31 - 00000000 ____D () C:\Poker
2014-05-05 14:10 - 2013-12-23 20:26 - 00000056 _____ () C:\Users\kitty\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\Users\kitty\vlc-2.1.2-win32.exe

Some content of TEMP:
====================
C:\Users\kitty\AppData\Local\Temp\appshat-distribution.exe
C:\Users\kitty\AppData\Local\Temp\bi_cleaner.exe
C:\Users\kitty\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\kitty\AppData\Local\Temp\Delta.exe
C:\Users\kitty\AppData\Local\Temp\DeltaTB.exe
C:\Users\kitty\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\kitty\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\kitty\AppData\Local\Temp\ja-k7axn.dll
C:\Users\kitty\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kitty\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\kitty\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\kitty\AppData\Local\Temp\jrnidyin.dll
C:\Users\kitty\AppData\Local\Temp\MGS35FD.exe
C:\Users\kitty\AppData\Local\Temp\MGS5D99.DLL
C:\Users\kitty\AppData\Local\Temp\MGS76F3.DLL
C:\Users\kitty\AppData\Local\Temp\MGS9CF.exe
C:\Users\kitty\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\kitty\AppData\Local\Temp\MybabylonTB.exe
C:\Users\kitty\AppData\Local\Temp\OfficeSetup.exe
C:\Users\kitty\AppData\Local\Temp\propsys.dll
C:\Users\kitty\AppData\Local\Temp\Quarantine.exe
C:\Users\kitty\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\kitty\AppData\Local\Temp\SHSetup.exe
C:\Users\kitty\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kitty\AppData\Local\Temp\uninst1.exe
C:\Users\kitty\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\kitty\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-16 00:34

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by kitty at 2014-06-03 00:50:18
Running from C:\Users\kitty\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Media Foundation Decoders (Version: 1.0.60628.2255 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - Ihr Firmenname) Hidden
ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.)
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
Hidden High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG) Nero BackItUp 10 
Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG) Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG) Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG) NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - 
OpenOffice.org) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker at bet365 (HKCU\...\bet365poker) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.30.1019.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6241 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.7.52 - SPAMfighter ApS.) SLOW-PCfighter (Version: 1.7.52 - SPAMfighter ApS) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.16.0 - Synaptics Incorporated) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION) TOSHIBA ConfigFree (HKLM-x32\...\{F52618B2-A995-4F8D-A6C8-9E235A470C68}) (Version: 8.0.36 - TOSHIBA CORPORATION) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION) TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.34C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (x32 Version: 1.63.0.34C - TOSHIBA CORPORATION) Hidden TOSHIBA HDD/SSD Alert 
(HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA) TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.5.7 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 1.1.5.7 - TOSHIBA Corporation) Hidden TOSHIBA 
Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources 
(Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 28-04-2014 08:13:02 Windows Update 28-04-2014 08:26:14 Windows Update 28-04-2014 08:45:10 Windows Update 28-04-2014 09:16:25 Windows Update 28-04-2014 09:22:35 Windows Update 06-05-2014 08:46:52 Windows Update 19-05-2014 09:22:09 Windows Update 23-05-2014 07:31:13 Windows Update 23-05-2014 11:14:12 Removed HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät 23-05-2014 11:16:22 Removed HP Update. 23-05-2014 11:19:57 Removed Java(TM) 6 Update 20 23-05-2014 11:24:08 Removed Microsoft Silverlight 23-05-2014 11:27:45 Removed PDF Architect 23-05-2014 11:31:17 Removed SpyHunter 23-05-2014 11:54:30 Steuer-Spar-Erklärung 2013 wurde entfernt. 23-05-2014 11:57:40 Konfiguriert TOSHIBA Bulletin Board 23-05-2014 12:05:41 Removed TOSHIBA Disc Creator 23-05-2014 12:07:32 Removed TOSHIBA TEMPRO 01-06-2014 19:20:44 Removed SpyHunter 01-06-2014 19:26:29 Windows Update 01-06-2014 19:40:26 SLOW-PCfighter (64-bit) Backup 02-06-2014 21:30:38 Removed AAVUpdateManager. 
==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A81A88A-DED8-430F-B2AE-4306D4451D29} - System32\Tasks\SLOW-PCfighter64-kitty-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-02-25] (SPAMfighter ApS)
Task: {3266498F-225C-4981-B474-C3A939B62BAC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-22] (Microsoft Corporation)
Task: {506CE264-6677-49DF-93CF-90FE40422E24} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {69986ACF-D0BE-46DD-980A-70DCC62EFC11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08] (AVAST Software)
Task: {82EC200F-DACD-4989-9911-50F2984B3C93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {958FA99F-9322-4BC3-B40E-9796E5C0F5C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {989C2EFE-FBCD-425D-8337-854DD9956A83} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {C6A84BEA-68DE-4446-95DF-4BFFCD7BC84D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated)
Task: {EC0DCBF2-E14E-4504-8545-CD8C7B390BED} - \DealPly No Task File <==== ATTENTION
Task: {F3E8B627-B55D-4E65-89BF-0612AC81F1CF} - System32\Tasks\{F25A7CF2-5E07-4815-A965-5DC9C1B6A214} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {F66E63DE-2B3C-4127-85AC-F4C5D6BD5755} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 20:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-15 11:02 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-28 10:49 - 2013-08-28 10:49 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2010-10-28 15:27 - 2010-10-28 15:27 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-08-22 11:10 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2011-06-29 00:38 - 2011-06-29 00:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 11:17 - 2011-03-22 11:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-02 22:39 - 2014-06-02 22:39 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14060201\algo.dll
2013-12-14 14:47 - 2013-12-14 14:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-19 12:38 - 2014-05-19 12:38 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 00:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 11:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 10:35:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 10:35:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 09:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 09:29:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/01/2014 09:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 02:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 02:17:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/03/2014 00:06:36 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.23192.168.137.0255.255.255.0

Error: (06/03/2014 00:06:36 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/03/2014 00:06:27 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/03/2014 00:05:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/03/2014 00:05:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (06/03/2014 00:04:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/02/2014 11:50:00 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.23192.168.137.0255.255.255.0

Error: (06/02/2014 11:49:59 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/02/2014 11:49:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/02/2014 11:49:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Microsoft Office Sessions: ========================= Error: (06/03/2014 00:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 11:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 11:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 10:35:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (06/01/2014 10:35:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (06/01/2014 09:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 09:29:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (06/01/2014 09:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2014 02:28:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2014 02:17:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 3691.64 MB Available physical RAM: 2167.61 MB Total Pagefile: 7381.45 MB Available Pagefile: 5581.85 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:172.28 GB) NTFS Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:202.76 GB) NTFS Drive e: (DSII_1) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 41D68339) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS) ==================== End Of Log ============================
I hope I haven't done too much wrong myself:-/ I also can't find the ADWcleaner log... Thanks in advance for reading. Kind regards, Nicole
Last edited by kitty79 (04.06.2014 at 23:17) Reason: additional log added
05.06.2014, 00:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported infection by win32:bprotect-D Hello and
Quote:
You will not get the problem under control in the long run if you visit junk sites like that.
05.06.2014, 08:40 | #3 |
| Windows 7: Avast reported infection by win32:bprotect-D Hello and thanks for the welcome!
I didn't know that site until now^^ I also overlooked the entry in the logs. It's probably a site my nephew visited when he was here... although that must be 3 months ago or longer by now. So why didn't my Avast find it earlier? Oh dear... Well, how do I get all that junk off again now? Especially since I can't find movie2k on the laptop at all. Best regards, Nicole
05.06.2014, 09:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported infection by win32:bprotect-D Quote:
Then please run Combofix now: Scan with Combofix
Please always post logfiles in CODE tags
05.06.2014, 22:58 | #5 |
| Windows 7: Avast reported infection by win32:bprotect-D Said and done ;-) Code:
ATTFilter ComboFix 14-06-04.01 - kitty 05.06.2014 23:19:06.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3692.2106 [GMT 2:00] ausgeführt von:: c:\users\kitty\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\kitty\vlc-2.1.2-win32.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-05 bis 2014-06-05 )))))))))))))))))))))))))))))) . . 2014-06-05 21:36 . 2014-06-05 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-05 21:20 . 2014-06-05 21:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EA787F2-1F84-4898-B0CC-BB558DBF1847}\offreg.dll 2014-06-03 09:16 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EA787F2-1F84-4898-B0CC-BB558DBF1847}\mpengine.dll 2014-06-03 08:17 . 2014-06-03 08:17 -------- d-----w- c:\program files\Tracker Software 2014-06-03 07:24 . 2014-06-03 07:24 -------- d-----w- c:\program files\gs 2014-06-03 07:21 . 2014-06-03 07:22 -------- d-----w- c:\program files\Ghostgum 2014-06-02 22:48 . 2014-06-02 22:51 -------- d-----w- C:\FRST 2014-05-23 11:28 . 2014-05-23 11:28 -------- d-----w- c:\programdata\PDF Architect 2014-05-23 09:25 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-05-23 09:24 . 2014-06-03 17:33 -------- d-----w- C:\AdwCleaner 2014-05-23 07:31 . 2014-05-23 07:31 -------- d-----w- c:\programdata\Licenses 2014-05-23 07:29 . 2014-05-23 07:45 -------- d-----w- c:\program files (x86)\Trojan Remover 2014-05-22 22:16 . 2014-05-22 22:16 -------- d-----w- c:\program files\Enigma Software Group 2014-05-22 21:55 . 
2014-06-01 19:23 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-05-15 22:33 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-15 22:33 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-15 22:33 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-15 22:33 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-15 18:16 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll 2014-05-15 18:15 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll 2014-05-15 18:15 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-15 18:15 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-15 18:15 . 2014-03-04 09:44 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-05-15 18:15 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2014-05-15 18:15 . 2014-03-04 09:17 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-05-15 18:15 . 2014-03-04 09:43 455168 ----a-w- c:\windows\system32\winlogon.exe 2014-05-15 18:15 . 2014-03-04 09:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2014-05-15 18:15 . 2014-03-04 09:44 722944 ----a-w- c:\windows\system32\objsel.dll 2014-05-15 18:15 . 2014-03-04 09:44 314880 ----a-w- c:\windows\system32\msv1_0.dll 2014-05-15 18:15 . 2014-03-04 09:17 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2014-05-15 18:15 . 2014-03-04 09:47 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe 2014-05-08 11:47 . 2014-05-08 11:47 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-05-08 11:47 . 2014-05-08 11:47 43152 ----a-w- c:\windows\avastSS.scr . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-22 21:40 . 2012-06-02 14:03 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-22 21:40 . 2012-06-02 14:03 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-22 08:55 . 
2013-09-15 09:18 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-05-15 22:02 . 2012-06-04 20:13 93223848 ----a-w- c:\windows\system32\MRT.exe 2014-05-12 11:48 . 2012-06-03 10:15 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-05-12 11:48 . 2013-12-27 21:20 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-05-12 11:48 . 2012-06-03 10:15 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-05-08 11:47 . 2013-03-14 17:18 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-05-08 11:47 . 2013-03-14 17:18 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-05-08 11:47 . 2012-06-03 10:15 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-05-08 11:47 . 2012-06-03 10:15 334648 ----a-w- c:\windows\system32\aswBoot.exe 2014-05-08 11:47 . 2012-06-03 10:15 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2013-02-13 1425952] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-23 3888648] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys;c:\windows\SYSNATIVE\DRIVERS\optousb.sys [x] R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys;c:\windows\SYSNATIVE\DRIVERS\optovcm.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB 
Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] . . Inhalt des "geplante Tasks" Ordners . 2014-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15 21:40] . 2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 22:03] . 2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 22:03] . 2014-06-05 c:\windows\Tasks\SLOW-PCfighter64-kitty-Notification.job - c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2013-02-25 08:54] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-05-22 08:56 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-05-22 08:56 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-05-22 08:56 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-05-08 11:47 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-10 11580520] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-22 150992] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://de.yahoo.com?fr=hp-avast&type=prc265 mStart Page = https://de.yahoo.com?fr=hp-avast&type=prc265 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\ FF - prefs.js: browser.search.defaulturl - hxxp://de.yhs4.search.yahoo.com/yhs/search FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - prefs.js: keyword.URL - hxxp://de.yhs4.search.yahoo.com/yhs/search . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-06-05 23:44:11 ComboFix-quarantined-files.txt 2014-06-05 21:44 . Vor Suchlauf: 12 Verzeichnis(se), 184.627.929.088 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 188.026.568.704 Bytes frei . - - End Of File - - A6B64046007FF39599D363D0B6BA971B A36C5E4F47E84449FF07ED3517B43A31 |
06.06.2014, 08:22 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported infection by win32:bprotect-D Remove adware/junkware/toolbars. Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
06.06.2014, 22:06 | #7 |
| Windows 7: Avast reported infection by win32:bprotect-D ADWcleaner Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 06/06/2014 um 22:08:34 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : kitty - KITTY-TOSH # Gestartet von : C:\Users\kitty\Desktop\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\prefs.js ] -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [15017 octets] - [23/05/2014 11:24:38] AdwCleaner[R1].txt - [1593 octets] - [23/05/2014 14:13:08] AdwCleaner[R2].txt - [1093 octets] - [23/05/2014 14:19:01] AdwCleaner[R3].txt - [1269 octets] - [01/06/2014 21:26:47] AdwCleaner[R4].txt - [1333 octets] - [03/06/2014 00:00:35] AdwCleaner[R5].txt - [1454 octets] - [03/06/2014 19:30:03] AdwCleaner[R6].txt - [1574 octets] - [06/06/2014 22:06:18] AdwCleaner[S0].txt - [12031 octets] - [23/05/2014 11:28:25] AdwCleaner[S1].txt - [1476 octets] - [23/05/2014 14:15:14] AdwCleaner[S2].txt - [1155 octets] - [23/05/2014 14:26:31] AdwCleaner[S3].txt - [1331 octets] - [01/06/2014 21:28:59] AdwCleaner[S4].txt - [1395 octets] - [03/06/2014 00:04:32] AdwCleaner[S5].txt - [1515 octets] - [03/06/2014 19:33:39] AdwCleaner[S6].txt - [1495 octets] - [06/06/2014 22:08:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1555 octets] ########## JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by kitty on 06.06.2014 at 22:18:39,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-799260515-3988412925-184295380-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}


~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoC052.tmp


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\kitty\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{088BB931-5A61-4229-9E85-4DA8616FC0E4}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{08CB02A6-3B0A-4A39-B976-7AA0DCC9D28E}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{0E524190-90A8-4C0B-BE95-52E9E207C4D4}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{0F4F5415-59FF-40BE-A7E2-5BABDEAC1C63}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{13C5F226-5B3E-486F-91AD-4E3522913F4B}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{1FE28E4B-FEB1-4D55-A83E-9DB7E8D0996F}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{246637A0-028F-4E80-AEA7-4E447E0B5CB7}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{2758CDC9-FA68-4B3B-97DA-5FD3818DA1C7}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{2BFC5853-42FF-448E-AEC0-7AFF60A934F8}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{30890E1D-EBD6-459C-9BB1-0374AC0C3B01}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{35395572-6520-42AA-833B-754F32112EFD}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{3DCA3901-03BD-4488-AF68-B310460A7A4A}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{3F15F4DB-98B5-42F5-845D-A53F9768AA87}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{41F71923-12F7-48E2-825E-613B7A6C20CD}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{485EE139-CB70-43E4-919B-22AC527CA11B}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{4B313374-39F4-4BF3-B60D-D3BBD4AB6E8C}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{5047808E-7910-45C5-A9C7-732C107A5F90}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{57757695-43CE-48BC-82B6-68B281C554F3}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{6AFE581E-6FA1-44D8-98F6-001B45B4B7BB}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{7FF08319-80CF-4226-943E-876567B3E8FC}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{8676BFF3-91DD-4EF7-B8CB-E9BCCB3B0BFE}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{87B775F2-19BD-4F58-AD02-F4AA4665815D}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{A00D0BDA-0396-4BEB-B859-DFE863B8F13C}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{A215E177-08E4-481B-A44B-5B00089DC1AC}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{BA24917C-F041-406B-9448-1107AEC496D9}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{BC3DB9DA-72B2-4754-B939-7D4B5F1EF8CA}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{CACE40A9-A4D1-4C61-9F65-A3B53E34AFC8}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{D4C81B08-3FAD-423E-8B46-0CB5A48FE83C}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{DB11EE85-4E98-4B05-A392-4D280CDB3D96}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{DF5C0A85-C818-44CC-A4D9-F723BEC536FE}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{E6AD5D7A-B143-4816-A048-FA99DC96C889}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{F0DBFA83-2471-414A-AC47-8DE7E77308B7}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{F4053DB7-D107-455C-9F7E-815A99BFA451}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{F9D397E8-5C07-4433-A374-4B3B734068F8}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{FA9799C8-8CE6-40C5-AE62-3E023B641472}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{FB2FF7ED-7E72-4BAB-B183-6FB6D74AA6F2}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{FBE4227D-0A52-4097-B542-774792F82545}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{FBED53C1-3280-4A3B-970C-39179ADD281E}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{FC86C0AD-C676-43B4-A06E-26D2ACCC9A26}
Successfully deleted: [Empty Folder] C:\Users\kitty\appdata\local\{FD8C6852-18EA-4FAF-AA8A-2676D43E73B2}


~~~ FireFox

Emptied folder: C:\Users\kitty\AppData\Roaming\mozilla\firefox\profiles\pwqtgth2.default-1352137203660\minidumps [248 files]


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2014 at 22:44:03,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by kitty (administrator) on KITTY-TOSH on 06-06-2014 22:56:51
Running from C:\Users\kitty\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\Tor\tor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-22] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\Extensions\amznUWL2@amazon.com.xpi [2013-05-12]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-28] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 22:56 - 2014-06-06 22:56 - 00015746 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-06 22:44 - 2014-06-06 22:44 - 00006081 _____ () C:\Users\kitty\Desktop\JRT.txt
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 22:10 - 2014-06-06 22:10 - 00001635 _____ () C:\Users\kitty\Desktop\AdwCleaner[S6].txt
2014-06-06 22:04 - 2014-06-06 22:04 - 01333465 _____ () C:\Users\kitty\Desktop\adwcleaner_3.212.exe
2014-06-06 21:58 - 2014-06-06 21:58 - 01016261 _____ (Thisisu) C:\Users\kitty\Desktop\JRT.exe
2014-06-05 23:45 - 2014-06-05 23:45 - 00022952 _____ () C:\Users\kitty\Desktop\Combo.txt
2014-06-05 23:44 - 2014-06-05 23:44 - 00022952 _____ () C:\ComboFix.txt
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 23:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 23:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 23:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 23:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 23:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 23:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 23:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 23:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 23:12 - 2014-06-05 23:44 - 00000000 ____D () C:\Qoobox
2014-06-05 23:11 - 2014-06-05 23:40 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 23:10 - 2014-06-05 23:11 - 05205146 ____R (Swearware) C:\Users\kitty\Desktop\ComboFix.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001454 _____ () C:\Users\kitty\Desktop\AdwCleaner[R5].txt
2014-06-03 19:29 - 2014-06-03 19:29 - 00007063 _____ () C:\Users\kitty\Desktop\aswBoot.txt
2014-06-03 11:06 - 2014-06-03 11:06 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\kitty\Desktop\JPEGtoPDF37.exe
2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-03 09:24 - 2014-06-03 09:24 - 00000000 ____D () C:\Program Files\gs
2014-06-03 09:22 - 2014-06-03 10:35 - 00011290 _____ () C:\Users\kitty\gsview64.ini
2014-06-03 09:21 - 2014-06-03 09:22 - 00000000 ____D () C:\Program Files\Ghostgum
2014-06-03 01:10 - 2014-06-03 01:10 - 00008955 _____ () C:\Users\kitty\Desktop\Gmer.txt
2014-06-03 00:53 - 2014-06-03 00:53 - 00380416 _____ () C:\Users\kitty\Desktop\Gmer-19357.exe
2014-06-03 00:48 - 2014-06-06 22:57 - 00000000 ____D () C:\FRST
2014-06-03 00:47 - 2014-06-06 22:48 - 02072576 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-03 00:37 - 2014-06-03 00:38 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 11:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 11:24 - 2014-06-06 22:08 - 00000000 ____D () C:\AdwCleaner
2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software
2014-05-23 09:31 - 2014-06-05 23:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-23 09:29 - 2014-05-23 09:45 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat
2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-22 23:55 - 2014-06-01 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-19 12:38 - 2014-05-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 00:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:16 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:16 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:15 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 20:15 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 20:15 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:15 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:15 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:14 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:14 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:14 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:14 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-08 13:47 - 2014-05-08 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-08 13:47 - 2014-05-08 13:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-06-06 22:57 - 2014-06-06 22:56 - 00015746 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-06 22:57 - 2014-06-03 00:48 - 00000000 ____D () C:\FRST
2014-06-06 22:57 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty\AppData\Local\Temp
2014-06-06 22:48 - 2014-06-03 00:47 - 02072576 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-06 22:45 - 2012-06-02 16:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 22:44 - 2014-06-06 22:44 - 00006081 _____ () C:\Users\kitty\Desktop\JRT.txt
2014-06-06 22:21 - 2013-07-01 00:03 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 22:17 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 22:17 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 22:14 - 2012-03-08 08:49 - 01942653 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 22:10 - 2014-06-06 22:10 - 00001635 _____ () C:\Users\kitty\Desktop\AdwCleaner[S6].txt
2014-06-06 22:10 - 2013-07-20 20:53 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job
2014-06-06 22:10 - 2012-06-03 11:51 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-06 22:09 - 2013-07-01 00:03 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 22:09 - 2010-11-21 05:47 - 00270800 _____ () C:\Windows\PFRO.log
2014-06-06 22:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 22:09 - 2009-07-14 06:51 - 00102788 _____ () C:\Windows\setupact.log
2014-06-06 22:08 - 2014-05-23 11:24 - 00000000 ____D () C:\AdwCleaner
2014-06-06 22:04 - 2014-06-06 22:04 - 01333465 _____ () C:\Users\kitty\Desktop\adwcleaner_3.212.exe
2014-06-06 21:58 - 2014-06-06 21:58 - 01016261 _____ (Thisisu) C:\Users\kitty\Desktop\JRT.exe
2014-06-06 21:30 - 2013-12-22 23:22 - 00000000 ____D () C:\Users\kitty\AppData\Roaming\vlc
2014-06-06 21:28 - 2010-11-21 08:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-06 21:28 - 2010-11-21 08:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-06 21:28 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 21:19 - 2012-07-07 09:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 23:45 - 2014-06-05 23:45 - 00022952 _____ () C:\Users\kitty\Desktop\Combo.txt
2014-06-05 23:44 - 2014-06-05 23:44 - 00022952 _____ () C:\ComboFix.txt
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:12 - 00000000 ____D () C:\Qoobox
2014-06-05 23:40 - 2014-06-05 23:11 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 23:38 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 23:35 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty
2014-06-05 23:28 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-05 23:11 - 2014-06-05 23:10 - 05205146 ____R (Swearware) C:\Users\kitty\Desktop\ComboFix.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001454 _____ () C:\Users\kitty\Desktop\AdwCleaner[R5].txt
2014-06-03 19:29 - 2014-06-03 19:29 - 00007063 _____ () C:\Users\kitty\Desktop\aswBoot.txt
2014-06-03 11:09 - 2012-06-28 18:16 - 02011648 ___SH () C:\Users\kitty\Desktop\Thumbs.db
2014-06-03 11:06 - 2014-06-03 11:06 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\kitty\Desktop\JPEGtoPDF37.exe
2014-06-03 10:35 - 2014-06-03 09:22 - 00011290 _____ () C:\Users\kitty\gsview64.ini
2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-03 09:37 - 2012-06-02 15:24 - 00000000 ____D () C:\Users\kitty\AppData\Local\VirtualStore
2014-06-03 09:24 - 2014-06-03 09:24 - 00000000 ____D () C:\Program Files\gs
2014-06-03 09:22 - 2014-06-03 09:21 - 00000000 ____D () C:\Program Files\Ghostgum
2014-06-03 01:10 - 2014-06-03 01:10 - 00008955 _____ () C:\Users\kitty\Desktop\Gmer.txt
2014-06-03 00:53 - 2014-06-03 00:53 - 00380416 _____ () C:\Users\kitty\Desktop\Gmer-19357.exe
2014-06-03 00:38 - 2014-06-03 00:37 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-06-02 23:31 - 2013-01-30 22:20 - 00000000 ____D () C:\ProgramData\AAV
2014-06-01 23:33 - 2012-06-02 15:42 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-01 21:23 - 2014-05-22 23:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-23 14:08 - 2011-08-22 11:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:16 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-05-23 14:00 - 2011-08-22 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 13:22 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-23 13:22 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 13:17 - 2013-12-18 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:12 - 2013-04-11 00:05 - 00000000 ____D () C:\Users\kitty\AppData\Roaming\Amazon
2014-05-23 13:12 - 2013-04-11 00:04 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-23 13:12 - 2012-06-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-05-23 09:45 -
2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software 2014-05-23 09:45 - 2014-05-23 09:29 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses 2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat 2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-05-22 23:40 - 2012-06-02 16:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-22 23:40 - 2012-06-02 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-22 23:40 - 2012-06-02 16:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-22 23:38 - 2012-06-02 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-22 10:58 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-05-19 11:19 - 2012-10-25 00:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-19 11:15 - 2013-07-23 17:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-19 11:13 - 2012-06-02 15:24 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-19 11:13 - 2012-06-02 15:19 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-19 11:08 - 2014-04-28 10:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 00:02 - 2012-06-04 22:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-12 13:48 - 2013-12-27 23:20 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-12 13:48 - 2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-12 13:48 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-09 
14:16 - 2013-07-01 00:03 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 14:16 - 2013-07-01 00:03 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-15 20:15 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 20:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 13:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-08 13:47 - 2014-05-08 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-08 13:47 - 2014-05-08 13:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-08 13:47 - 2013-03-14 19:18 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-08 13:47 - 2013-03-14 19:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-08 13:47 - 2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399895288227 2014-05-08 13:47 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399895288227 2014-05-08 13:47 - 2012-06-03 12:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-08 13:47 - 2012-06-03 12:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-08 13:47 - 2012-06-03 12:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys Some content of TEMP: ==================== C:\Users\kitty\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-16 00:34 ==================== End Of Log ============================
This time FRST did not create an addition.txt. I deliberately ran it a second time, and it did not create one that time either. Regards, Nicole |
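A small triage script for FRST log lines of the kind posted in this thread, added here as an example; it is not part of the thread and not FRST's own tooling. It pulls out the entry types a helper reads first: services or drivers whose binary is missing (`[X]`) or unsigned, BHO/Toolbar registrations that point at `No File`, and search-scope or start-page URLs whose host is off a short allowlist. The sample lines are adapted and abridged from the FRST output posted here; the allowlist of search hosts is an assumption made for the example, not a statement about what is safe on this machine.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not FRST's own code. It reports:
  * services/drivers whose binary is gone ("[X]") or unsigned,
  * BHO/Toolbar registrations that resolve to "No File",
  * search-scope / start-page URLs whose host is off a small allowlist.
"""
import re
from urllib.parse import urlparse

# Assumption for the example: hosts a helper would accept as a normal
# search or start page. Anything else is reported for a closer look.
ALLOWED_SEARCH_HOSTS = {"www.google.de", "de.yahoo.com", "de.search.yahoo.com"}

# FRST service/driver entry: "R2 name; path [size date] (company) [flags]"
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"(?:URL|Page)\s*=\s*(?P<url>\S+)")


def refang(url):
    """FRST writes hxxp:// so log URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, count=1)


def triage(log_text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return (category, subject) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name = m["name"].strip()
            if m["rest"].endswith("[X]"):
                findings.append(("missing-binary", name))
            elif m["rest"].endswith("[File not signed]"):
                findings.append(("unsigned-binary", name))
            continue
        if line.startswith(("BHO", "Toolbar")) and line.endswith("No File"):
            clsid = CLSID_RE.search(line)
            findings.append(("orphan-com-object", clsid.group(0) if clsid else line))
            continue
        u = URL_RE.search(line)
        if u:
            host = urlparse(refang(u["url"])).hostname
            if host not in allowed_hosts:
                findings.append(("search-hijack-candidate", host))
    return findings


# Lines adapted (and abridged) from the FRST output posted in this thread.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&p={searchTerms}
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-28] () [File not signed]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

if __name__ == "__main__":
    for category, subject in triage(SAMPLE_LOG):
        print(f"{category:24} {subject}")
```

Read the output with the usual caveats: an `[X]` service whose binary is gone is often a leftover registration from an uninstalled product or a removal tool (in the posted log, `catchme` belongs to ComboFix and `esgiguard` to SpyHunter), and a `No File` BHO or Toolbar is an orphan CLSID; both are cleanup items, not by themselves evidence of active malware. An unsigned service binary such as `tor.exe` and a search scope pointing at a host the user never chose are the entries that warrant asking the user what they installed and checking the file on disk.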
07.06.2014, 00:01 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported an infection by win32:bprotect-D Why do you suppose
__________________ Please always post logfiles in CODE tags |
11.06.2014, 09:43 | #9 |
| Windows 7: Avast reported an infection by win32:bprotect-D Um, yes^^ FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 Ran by kitty (administrator) on KITTY-TOSH on 11-06-2014 10:32:45 Running from C:\Users\kitty\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe () C:\Program Files (x86)\Tor\tor.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-10-28] (TOSHIBA Corporation) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-22] (Toshiba Europe GmbH) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.) 
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software) HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - 
{9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660 FF SearchEngineOrder.1: Yahoo! (Avast) FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\kitty\AppData\Roaming\Mozilla\Firefox\Profiles\pwqtgth2.default-1352137203660\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-03] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.) 
[File not signed] R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-28] () [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] () S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [22656 2009-08-26] (OPTO ELECTRONICS CO.,LTD.) [File not signed] S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [31744 2009-08-26] (OPTO ELECTRONICS CO.,LTD.) 
[File not signed] R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-11 10:32 - 2014-06-11 10:32 - 00000000 ____D () C:\Users\kitty\Desktop\FRST-OlderVersion 2014-06-06 22:56 - 2014-06-11 10:34 - 00016686 _____ () C:\Users\kitty\Desktop\FRST.txt 2014-06-06 22:44 - 2014-06-06 22:44 - 00006081 _____ () C:\Users\kitty\Desktop\JRT.txt 2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Windows\ERUNT 2014-06-06 22:10 - 2014-06-06 22:10 - 00001635 _____ () C:\Users\kitty\Desktop\AdwCleaner[S6].txt 2014-06-06 22:04 - 2014-06-06 22:04 - 01333465 _____ () C:\Users\kitty\Desktop\adwcleaner_3.212.exe 2014-06-06 21:58 - 2014-06-06 21:58 - 01016261 _____ (Thisisu) C:\Users\kitty\Desktop\JRT.exe 2014-06-05 23:45 - 2014-06-05 23:45 - 00022952 _____ () C:\Users\kitty\Desktop\Combo.txt 2014-06-05 23:44 - 2014-06-05 23:44 - 00022952 _____ () C:\ComboFix.txt 2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-05 23:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-05 23:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-05 23:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-05 23:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-05 23:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-05 23:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-05 23:14 - 2000-08-31 02:00 - 00080412 _____ 
() C:\Windows\grep.exe 2014-06-05 23:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-05 23:12 - 2014-06-05 23:44 - 00000000 ____D () C:\Qoobox 2014-06-05 23:11 - 2014-06-05 23:40 - 00000000 ____D () C:\Windows\erdnt 2014-06-05 23:10 - 2014-06-05 23:11 - 05205146 ____R (Swearware) C:\Users\kitty\Desktop\ComboFix.exe 2014-06-03 19:32 - 2014-06-03 19:32 - 00001454 _____ () C:\Users\kitty\Desktop\AdwCleaner[R5].txt 2014-06-03 19:29 - 2014-06-03 19:29 - 00007063 _____ () C:\Users\kitty\Desktop\aswBoot.txt 2014-06-03 11:06 - 2014-06-03 11:06 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\kitty\Desktop\JPEGtoPDF37.exe 2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\Program Files\Tracker Software 2014-06-03 09:24 - 2014-06-03 09:24 - 00000000 ____D () C:\Program Files\gs 2014-06-03 09:22 - 2014-06-03 10:35 - 00011290 _____ () C:\Users\kitty\gsview64.ini 2014-06-03 09:21 - 2014-06-03 09:22 - 00000000 ____D () C:\Program Files\Ghostgum 2014-06-03 01:10 - 2014-06-03 01:10 - 00008955 _____ () C:\Users\kitty\Desktop\Gmer.txt 2014-06-03 00:53 - 2014-06-03 00:53 - 00380416 _____ () C:\Users\kitty\Desktop\Gmer-19357.exe 2014-06-03 00:48 - 2014-06-11 10:32 - 00000000 ____D () C:\FRST 2014-06-03 00:47 - 2014-06-11 10:32 - 02081792 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe 2014-06-03 00:37 - 2014-06-03 00:38 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log 2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable 2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe 2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect 2014-05-23 11:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-23 11:24 - 2014-06-06 22:08 - 00000000 ____D () C:\AdwCleaner 
2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software
2014-05-23 09:31 - 2014-06-05 23:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-23 09:29 - 2014-05-23 09:45 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat
2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-22 23:55 - 2014-06-01 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-19 12:38 - 2014-05-23 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 00:33 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:33 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:33 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:33 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:33 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:16 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:16 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:15 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 20:15 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 20:15 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:15 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:15 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:15 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 20:15 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 20:15 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:15 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:14 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:14 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:14 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:14 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:14 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 20:14 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 20:14 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:14 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-11 10:34 - 2014-06-06 22:56 - 00016686 _____ () C:\Users\kitty\Desktop\FRST.txt
2014-06-11 10:34 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty\AppData\Local\Temp
2014-06-11 10:33 - 2012-03-08 08:49 - 01954869 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 10:32 - 2014-06-11 10:32 - 00000000 ____D () C:\Users\kitty\Desktop\FRST-OlderVersion
2014-06-11 10:32 - 2014-06-03 00:48 - 00000000 ____D () C:\FRST
2014-06-11 10:32 - 2014-06-03 00:47 - 02081792 _____ (Farbar) C:\Users\kitty\Desktop\FRST64.exe
2014-06-11 10:29 - 2012-07-07 09:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-11 10:29 - 2012-06-03 11:51 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-11 10:28 - 2013-07-20 20:53 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job
2014-06-11 10:28 - 2013-07-01 00:03 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 10:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 10:28 - 2009-07-14 06:51 - 00102844 _____ () C:\Windows\setupact.log
2014-06-06 22:45 - 2012-06-02 16:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 22:44 - 2014-06-06 22:44 - 00006081 _____ () C:\Users\kitty\Desktop\JRT.txt
2014-06-06 22:21 - 2013-07-01 00:03 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 22:17 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 22:17 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 22:10 - 2014-06-06 22:10 - 00001635 _____ () C:\Users\kitty\Desktop\AdwCleaner[S6].txt
2014-06-06 22:09 - 2010-11-21 05:47 - 00270800 _____ () C:\Windows\PFRO.log
2014-06-06 22:08 - 2014-05-23 11:24 - 00000000 ____D () C:\AdwCleaner
2014-06-06 22:04 - 2014-06-06 22:04 - 01333465 _____ () C:\Users\kitty\Desktop\adwcleaner_3.212.exe
2014-06-06 21:58 - 2014-06-06 21:58 - 01016261 _____ (Thisisu) C:\Users\kitty\Desktop\JRT.exe
2014-06-06 21:30 - 2013-12-22 23:22 - 00000000 ____D () C:\Users\kitty\AppData\Roaming\vlc
2014-06-06 21:28 - 2010-11-21 08:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-06 21:28 - 2010-11-21 08:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-06 21:28 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 23:45 - 2014-06-05 23:45 - 00022952 _____ () C:\Users\kitty\Desktop\Combo.txt
2014-06-05 23:44 - 2014-06-05 23:44 - 00022952 _____ () C:\ComboFix.txt
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 23:44 - 2014-06-05 23:12 - 00000000 ____D () C:\Qoobox
2014-06-05 23:40 - 2014-06-05 23:11 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 23:38 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 23:35 - 2012-06-02 15:19 - 00000000 ____D () C:\Users\kitty
2014-06-05 23:28 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-05 23:11 - 2014-06-05 23:10 - 05205146 ____R (Swearware) C:\Users\kitty\Desktop\ComboFix.exe
2014-06-03 19:32 - 2014-06-03 19:32 - 00001454 _____ () C:\Users\kitty\Desktop\AdwCleaner[R5].txt
2014-06-03 19:29 - 2014-06-03 19:29 - 00007063 _____ () C:\Users\kitty\Desktop\aswBoot.txt
2014-06-03 11:09 - 2012-06-28 18:16 - 02011648 ___SH () C:\Users\kitty\Desktop\Thumbs.db
2014-06-03 11:06 - 2014-06-03 11:06 - 00237568 _____ (www.CompulsiveCode.com) C:\Users\kitty\Desktop\JPEGtoPDF37.exe
2014-06-03 10:35 - 2014-06-03 09:22 - 00011290 _____ () C:\Users\kitty\gsview64.ini
2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-06-03 10:17 - 2014-06-03 10:17 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-03 09:37 - 2012-06-02 15:24 - 00000000 ____D () C:\Users\kitty\AppData\Local\VirtualStore
2014-06-03 09:24 - 2014-06-03 09:24 - 00000000 ____D () C:\Program Files\gs
2014-06-03 09:22 - 2014-06-03 09:21 - 00000000 ____D () C:\Program Files\Ghostgum
2014-06-03 01:10 - 2014-06-03 01:10 - 00008955 _____ () C:\Users\kitty\Desktop\Gmer.txt
2014-06-03 00:53 - 2014-06-03 00:53 - 00380416 _____ () C:\Users\kitty\Desktop\Gmer-19357.exe
2014-06-03 00:38 - 2014-06-03 00:37 - 00000472 _____ () C:\Users\kitty\Desktop\defogger_disable.log
2014-06-03 00:37 - 2014-06-03 00:37 - 00000000 _____ () C:\Users\kitty\defogger_reenable
2014-06-03 00:36 - 2014-06-03 00:36 - 00050477 _____ () C:\Users\kitty\Desktop\Defogger.exe
2014-06-02 23:31 - 2013-01-30 22:20 - 00000000 ____D () C:\ProgramData\AAV
2014-06-01 23:33 - 2012-06-02 15:42 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-01 21:23 - 2014-05-22 23:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-23 14:08 - 2011-08-22 11:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:16 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-05-23 14:06 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-05-23 14:00 - 2011-08-22 11:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-23 13:28 - 2014-05-23 13:28 - 00000000 ____D () C:\ProgramData\PDF Architect
2014-05-23 13:22 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-23 13:22 - 2011-08-22 11:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 13:17 - 2013-12-18 11:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:15 - 2011-08-22 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 13:12 - 2013-04-11 00:05 - 00000000 ____D () C:\Users\kitty\AppData\Roaming\Amazon
2014-05-23 13:12 - 2013-04-11 00:04 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-23 13:12 - 2012-06-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-05-23 09:45 - 2014-05-23 09:45 - 00000000 ____D () C:\Users\kitty\Documents\Simply Super Software
2014-05-23 09:45 - 2014-05-23 09:29 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-23 09:31 - 2014-05-23 09:31 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-23 00:27 - 2014-05-23 00:27 - 00000000 _____ () C:\autoexec.bat
2014-05-23 00:16 - 2014-05-23 00:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-22 23:40 - 2012-06-02 16:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 23:40 - 2012-06-02 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 23:40 - 2012-06-02 16:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 23:38 - 2012-06-02 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-22 10:58 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-19 11:19 - 2012-10-25 00:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 11:15 - 2013-07-23 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-19 11:13 - 2012-06-02 15:24 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 11:13 - 2012-06-02 15:19 - 00000000 ___RD () C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 11:08 - 2014-04-28 10:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 00:02 - 2012-06-04 22:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 13:48 - 2013-12-27 23:20 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 13:48 - 2012-06-03 12:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 13:48 - 2012-06-03 12:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

Some content of TEMP:
====================
C:\Users\kitty\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-05-16 00:34

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014
Ran by kitty at 2014-06-11 10:35:33
Running from C:\Users\kitty\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Media Foundation Decoders (Version: 1.0.60628.2255 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - Ihr Firmenname) Hidden
ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.0 - Tracker Software Products Ltd)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker at bet365 (HKCU\...\bet365poker) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.30.1019.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6241 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.7.52 - SPAMfighter ApS.)
SLOW-PCfighter (Version: 1.7.52 - SPAMfighter ApS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.16.0 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{F52618B2-A995-4F8D-A6C8-9E235A470C68}) (Version: 8.0.36 - TOSHIBA CORPORATION)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.34C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.34C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.5.7 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 1.1.5.7 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

06-05-2014 08:46:52 Windows Update
19-05-2014 09:22:09 Windows Update
23-05-2014 07:31:13 Windows Update
23-05-2014 11:14:12 Removed HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
23-05-2014 11:16:22 Removed HP Update.
23-05-2014 11:19:57 Removed Java(TM) 6 Update 20
23-05-2014 11:24:08 Removed Microsoft Silverlight
23-05-2014 11:27:45 Removed PDF Architect
23-05-2014 11:31:17 Removed SpyHunter
23-05-2014 11:54:30 Steuer-Spar-Erklärung 2013 wurde entfernt.
23-05-2014 11:57:40 Konfiguriert TOSHIBA Bulletin Board
23-05-2014 12:05:41 Removed TOSHIBA Disc Creator
23-05-2014 12:07:32 Removed TOSHIBA TEMPRO
01-06-2014 19:20:44 Removed SpyHunter
01-06-2014 19:26:29 Windows Update
01-06-2014 19:40:26 SLOW-PCfighter (64-bit) Backup
02-06-2014 21:30:38 Removed AAVUpdateManager.
05-06-2014 21:14:41 ComboFix created restore point
06-06-2014 19:24:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-05 23:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A81A88A-DED8-430F-B2AE-4306D4451D29} - System32\Tasks\SLOW-PCfighter64-kitty-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe [2013-02-25] (SPAMfighter ApS)
Task: {3266498F-225C-4981-B474-C3A939B62BAC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-22] (Microsoft Corporation)
Task: {506CE264-6677-49DF-93CF-90FE40422E24} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {69986ACF-D0BE-46DD-980A-70DCC62EFC11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08] (AVAST Software)
Task: {82EC200F-DACD-4989-9911-50F2984B3C93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {958FA99F-9322-4BC3-B40E-9796E5C0F5C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {989C2EFE-FBCD-425D-8337-854DD9956A83} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {C6A84BEA-68DE-4446-95DF-4BFFCD7BC84D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated)
Task: {EC0DCBF2-E14E-4504-8545-CD8C7B390BED} - \DealPly No Task File <==== ATTENTION
Task: {F3E8B627-B55D-4E65-89BF-0612AC81F1CF} - System32\Tasks\{F25A7CF2-5E07-4815-A965-5DC9C1B6A214} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {F66E63DE-2B3C-4127-85AC-F4C5D6BD5755} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-kitty-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 20:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-15 11:02 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-28 10:49 - 2013-08-28 10:49 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2010-10-28 15:27 - 2010-10-28 15:27 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-10-28 15:27 - 2010-10-28 15:27 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-08-22 11:10 - 2010-08-31 15:21 - 00017272 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2011-06-29 00:38 - 2011-06-29 00:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 11:17 - 2011-03-22 11:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-11 10:29 - 2014-06-11 10:29 - 02774528 _____ () C:\Program Files\AVAST Software\Avast\defs\14061002\algo.dll
2013-12-14 14:47 - 2013-12-14 14:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-19 12:38 - 2014-05-19 12:38 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 10:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/11/2014 10:29:36 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.23192.168.137.0255.255.255.0

Error: (06/11/2014 10:29:36 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2014 10:29:35 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/11/2014 10:28:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/11/2014 10:28:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126

Error: (06/06/2014 11:07:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================
Error: (06/11/2014 10:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-06-05 23:35:14.416
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-06-05 23:35:13.714
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde.
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-05 23:30:38.873 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kitty\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-05 23:30:38.171 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\kitty\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 52% Total physical RAM: 3691.64 MB Available physical RAM: 1739.29 MB Total Pagefile: 7381.45 MB Available Pagefile: 5214.73 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:174.6 GB) NTFS Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:202.76 GB) NTFS Drive e: (DSII_1) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 41D68339) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.06.2014, 10:26 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported infection by win32:bprotect-D
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group\
Task: {EC0DCBF2-E14E-4504-8545-CD8C7B390BED} - \DealPly No Task File <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
Please always post log files in CODE tags
11.06.2014, 20:45 | #11 |
Windows 7: Avast reported infection by win32:bprotect-D
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
Ran by kitty at 2014-06-11 21:44:26 Run:1
Running from C:\Users\kitty\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a12627-175&apn_uid=3443417291004858&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group\
Task: {EC0DCBF2-E14E-4504-8545-CD8C7B390BED} - \DealPly No Task File <==== ATTENTION
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}' => Key deleted successfully.
'HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473}'=> Key not found.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC0DCBF2-E14E-4504-8545-CD8C7B390BED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC0DCBF2-E14E-4504-8545-CD8C7B390BED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly' => Key deleted successfully.

==== End of Fixlog ====
11.06.2014, 21:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported infection by win32:bprotect-D
Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
18.06.2014, 08:48 | #13 |
Windows 7: Avast reported infection by win32:bprotect-D
Took a few days longer, but here they are:
MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.06.2014
Suchlauf-Zeit: 23:22:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.17.12
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: kitty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 288679
Verstrichene Zeit: 30 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [6729374291ea251101551cbf798abd43],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Softonic.A, C:\Users\kitty\Downloads\SoftonicDownloader_fuer_htc-sync.exe, In Quarantäne, [c7c907727605f64021834ad9936e7e82],

Physische Sektoren: 0
(No malicious items detected)

(end)
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=d1c26728a537e240ba90acfb5ae50bad
# engine=18765
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-18 12:23:31
# local_time=2014-06-18 02:23:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1046008 167471501 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10651 154680861 0 0
# scanned=153409
# found=36
# cleaned=0
# scan_time=7593
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kitty\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=CE319E0C89B49BBFB86CB35B99D7285010399388 ft=1 fh=4f1cb13a80a48361 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF10.dll"
sh=E052E74688395EFDEE6599B364DE0F8515A28C4B ft=1 fh=40b1758ba044682c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF11.dll"
sh=2110F801FA88EEEC8D01F63F9A2783D3BEA29086 ft=1 fh=45641b4061d5b8ed vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF12.dll"
sh=655DFB6ACA3FBB9498B5CDE3070A5B5AD63C3F9D ft=1 fh=8e1b4fdbecc7c92c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF13.dll"
sh=C500498236486DE9302E854DA3F14D43ABDB8289 ft=1 fh=16a102d6936a0dbf vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF14.dll"
sh=197007BEAC194BD59B0BFBB363166EDD2BB3622F ft=1 fh=b1fa4345597e4b95 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF15.dll"
sh=8FF5D06386B4C8CA59A2072854ED814BD877A817 ft=1 fh=3f9bfce8e0e3e4bc vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF16.dll"
sh=62DED82824605C3A23B29D3E93816EFEEEF1720F ft=1 fh=6745ad30f1ac9fdc vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF17.dll"
sh=7F2251FCC5069A785918D8DC63702357398EF923 ft=1 fh=9140341d95799125 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF18.dll"
sh=452A55D15F34E73AB47FEAE178AA5FA6274F8385 ft=1 fh=0532f98d94edb5a9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF19.dll"
sh=25C35AC4EB64AFD9789A9C5A8639E1A7C283EFB3 ft=1 fh=5282b30ec55a5c65 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF2.dll"
sh=87E5A12573F45E6020A2261DAAA0548593CE49FB ft=1 fh=27d660d8e3d0987e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF20.dll"
sh=9D95705B9D42EB565E189B40F9F4A8BFFAFB4FCC ft=1 fh=4ebf007076735cbe vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF21.dll"
sh=EAC97B626C6445F531DDC6C3A7AD516268DE93FF ft=1 fh=3690320a2f67093b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF22.dll"
sh=CD104484F1346830964F6C9F3B881B8D525B36D6 ft=1 fh=b95ea07c89a0434b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF23.dll"
sh=A3CBEF7BBAFF1B5F6C3B9027F37A39EF56E0D9C4 ft=1 fh=4b9daf84f0891330 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF24.dll"
sh=71EF22BA6EEE61610952F1FC0A7A2692C0C5B931 ft=1 fh=64e6c917000e0fdb vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF25.dll"
sh=9B10790EDDE217061ECB184CD36887FDEA47B688 ft=1 fh=01247588a82e5e18 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF26.dll"
sh=6072061ECB21B9060CD7C754D32D71670B0A9809 ft=1 fh=75591633caf38a6f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF27.dll"
sh=89139A9312492AA287C01F72E9E1FC022DC6F76E ft=1 fh=bf002ceb4e67465b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF4.dll"
sh=D93DF88B133AAE3B9C7357B175CC0AEE13174E10 ft=1 fh=3060a942cce2c77c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF5.dll"
sh=8009E3DDA90C9CBB1DBC734B2B58C0A771978B13 ft=1 fh=102d893396e96fef vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF6.dll"
sh=4185392B31474480A3AA51F2AE825E746BFBCA76 ft=1 fh=52995e729c2ca4a4 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF7.dll"
sh=431E426EEEE1412EF8DAF5B204FB9D8319B106E8 ft=1 fh=96830cb98eeec989 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF8.dll"
sh=3E450C209A7490107D2BADDA2E03B101B17DAF03 ft=1 fh=7d491791a97f975e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF9.dll"
sh=E0D69AA8A393FD98AC9899EF3A143C90DF1503F1 ft=1 fh=47978917b33c8b08 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\kitty\vlc-2.1.2-win32.exe.vir"
sh=65B1B3B6FA324779175F137BB589BF846F5F72C5 ft=1 fh=d87e9cab76457cee vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsv7216.tmp\Starter.exe"
sh=CC7EBD4BA7795FD75313069A1DC445B27F3914CE ft=1 fh=f16081f84df83856 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsv7216.tmp\~nsb8838.tmp"
sh=65B1B3B6FA324779175F137BB589BF846F5F72C5 ft=1 fh=d87e9cab76457cee vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsv7216.tmp\Starter.exe"
sh=CC7EBD4BA7795FD75313069A1DC445B27F3914CE ft=1 fh=f16081f84df83856 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsv7216.tmp\~nsb8838.tmp"
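The ESET log above reports 36 hits while the next fixlist names only two paths: most of the hits are copies that AdwCleaner and ComboFix had already moved into their quarantine folders (the `C:\AdwCleaner\Quarantine\...vir` and `C:\Qoobox\Quarantine\...vir` entries), so only the `C:\extensions\{...}` and `nsv7216.tmp` locations were still live. The following script is an added example for this thread, not code from the original post or from ESET; it parses the `sh=/ft=/fh=/vn=/ac=/fn=` record lines that the ESET Online Scanner log uses, separates quarantined from live findings, flags identical files (same SHA-1) planted under several paths, and cross-checks the record count against the `# found=` header. The sample log is abridged from the post above; its `# found=` value is adjusted to the abridged record set, and the quarantine folder prefixes are an assumption taken from the paths that appear in the log.

```python
"""Triage ESET Online Scanner detection records.

Added example for this thread, not code from the original post or from ESET.
It parses the sh=/ft=/fh=/vn=/ac=/fn= record lines that ESET's log uses and
separates hits already sitting in another cleaner's quarantine folder from hits
on live paths, which is the distinction the follow-up fixlist acts on.
The sample log is abridged from the post above; its '# found=' count was
adjusted to the abridged record set (constructed test data)."""
import re
from collections import Counter, defaultdict

# One key=value token; quoted values (vn, fn) may contain spaces.
_TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Folders where other cleaners on this machine parked files. Assumption taken
# from the paths in the log (AdwCleaner appends ".vir" to quarantined copies).
QUARANTINE_PREFIXES = (
    "C:\\AdwCleaner\\Quarantine\\",
    "C:\\Qoobox\\Quarantine\\",
)

# Abridged from the ESET log in the post; '# found=' adjusted to 5 records.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# found=5
# cleaned=0
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=E0D69AA8A393FD98AC9899EF3A143C90DF1503F1 ft=1 fh=47978917b33c8b08 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\kitty\vlc-2.1.2-win32.exe.vir"
sh=CE319E0C89B49BBFB86CB35B99D7285010399388 ft=1 fh=4f1cb13a80a48361 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}\components\SafetyNutHlpFF10.dll"
sh=65B1B3B6FA324779175F137BB589BF846F5F72C5 ft=1 fh=d87e9cab76457cee vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsv7216.tmp\Starter.exe"
sh=65B1B3B6FA324779175F137BB589BF846F5F72C5 ft=1 fh=d87e9cab76457cee vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsv7216.tmp\Starter.exe"
"""


def parse_header(log_text):
    """Collect the '# key=value' summary lines (version, found, cleaned, ...)."""
    header = {}
    for line in log_text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
    return header


def parse_record(line):
    """Turn one 'sh=... ft=... fh=... vn="..." ac=I fn="..."' line into a dict.
    Returns None for header, comment and banner lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    rec = {}
    for m in _TOKEN.finditer(line):
        rec[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return rec


def is_quarantined(path):
    """True when the path lies inside a known quarantine folder: the copy is
    inert there and needs no further fixlist entry."""
    return path.startswith(QUARANTINE_PREFIXES)


def triage(log_text):
    """Split records into live vs. already-quarantined, count detection names,
    group identical hashes that appear under several paths, and check that
    the number of parsed records matches the scanner's own '# found=' value."""
    header = parse_header(log_text)
    records = [r for r in map(parse_record, log_text.splitlines()) if r]
    live = [r for r in records if not is_quarantined(r.get("fn", ""))]
    quarantined = [r for r in records if is_quarantined(r.get("fn", ""))]
    # The same SHA-1 under several paths means one file dropped in several places;
    # every location must go into the fixlist, not just the first one seen.
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["sh"]].append(r["fn"])
    duplicates = {h: paths for h, paths in by_hash.items() if len(paths) > 1}
    return {
        "header": header,
        "live": live,
        "quarantined": quarantined,
        "by_name": Counter(r["vn"] for r in records),
        "duplicate_hashes": duplicates,
        "counts_match": len(records) == int(header.get("found", -1)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"live: {len(report['live'])}, already quarantined: {len(report['quarantined'])}, "
          f"header count consistent: {report['counts_match']}")
    for r in report["live"]:
        print("  still on disk ->", r["fn"])
```

Run it on the full log by replacing `SAMPLE_LOG` with the file contents; the `live` list is the set of paths a fixlist still has to cover, and `counts_match` turning false is the sign that a record line was truncated or lost when the log was pasted.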
18.06.2014, 10:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Avast reported infection by win32:bprotect-D
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsv7216.tmp
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
18.06.2014, 15:20 | #15 |
Windows 7: Avast reported infection by win32:bprotect-D
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by kitty at 2014-06-18 16:19:44 Run:2
Running from C:\Users\kitty\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87}
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsv7216.tmp
*****************

C:\extensions\{9473F86A-8CD2-0C01-CF9E-946854F63D87} => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsv7216.tmp" => File/Directory not found.

==== End of Fixlog ====