
Pests of all kinds and how to fight them: Sweet-Page and so on and so forth.

01.03.2014, 16:42   #1
kuhlambo12
 
Sweet-Page and so on and so forth.



Hi,
I'm writing from my mother's laptop, on which I had the pleasure of finding Sweetpage, FindRight, etc. today.

In general the laptop looks very cluttered.
I removed Sweetpage via the Control Panel, but according to FRST64 there are still remnants left.

Here are the logs.


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
Ran by Sabine (administrator) on LÄPPI on 01-03-2014 16:35:28
Running from C:\Users\Sabine\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\syswow64\wwahost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
SearchScopes: HKLM - {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}
SearchScopes: HKLM-x32 - {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-27]
CHR Extension: (Google Drive) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-27]
CHR Extension: (YouTube) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27]
CHR Extension: (Adblock Plus) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-29]
CHR Extension: (Google-Suche) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27]
CHR Extension: (avast! Online Security) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2013-07-27]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-07] (AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-07] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-07] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-07] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-07] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 16:35 - 2014-03-01 16:35 - 00013690 _____ () C:\Users\Sabine\Desktop\FRST.txt
2014-03-01 16:35 - 2014-03-01 16:35 - 00000000 ____D () C:\FRST
2014-03-01 16:33 - 2014-03-01 16:33 - 02155520 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe
2014-03-01 16:06 - 2014-03-01 16:06 - 00003029 _____ () C:\Users\Sabine\Desktop\Microsoft Word 2010.lnk
2014-03-01 16:05 - 2014-03-01 16:05 - 00000000 ____D () C:\windows\PCHEALTH
2014-03-01 16:03 - 2014-03-01 16:03 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-01 16:01 - 2014-03-01 16:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-01 16:01 - 2014-03-01 16:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Microsoft Help
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-01 16:00 - 2014-03-01 16:00 - 00000000 __RHD () C:\MSOCache
2014-03-01 15:39 - 2014-03-01 15:40 - 00000000 ____D () C:\Program Files\office.tmp
2014-02-22 09:06 - 2014-02-22 09:07 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\ElsterFormular-15.0.20140212p.exe
2014-02-22 08:57 - 2014-02-22 09:16 - 00000000 ____D () C:\ProgramData\WPM
2014-02-22 08:57 - 2014-02-22 09:16 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-02-22 08:57 - 2014-02-22 08:57 - 126569880 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\elsterformular [1].exe
2014-02-22 08:56 - 2014-03-01 15:44 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\sweet-page
2014-02-22 08:55 - 2014-02-22 09:16 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\systweak
2014-02-22 08:55 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2014-02-22 08:54 - 2014-02-22 08:54 - 00660944 _____ ( ) C:\Users\Sabine\Downloads\elsterformular.exe
2014-02-12 03:17 - 2013-11-27 01:19 - 00385614 _____ () C:\windows\system32\ApnDatabase.xml
2014-02-12 03:17 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-02-12 03:17 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-02-12 03:16 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-12 03:16 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 03:16 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 03:16 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-12 03:16 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-12 03:16 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 03:16 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 03:16 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-12 03:16 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 03:16 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 03:16 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-02-12 03:16 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 03:16 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 03:16 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 03:16 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 03:15 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 03:15 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 03:15 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-12 03:15 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-07 04:34 - 2014-02-07 04:34 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-02-02 10:44 - 2014-02-02 10:44 - 00000307 _____ () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Systemsteuerung.lnk

==================== One Month Modified Files and Folders =======

2014-03-01 16:35 - 2014-03-01 16:35 - 00013690 _____ () C:\Users\Sabine\Desktop\FRST.txt
2014-03-01 16:35 - 2014-03-01 16:35 - 00000000 ____D () C:\FRST
2014-03-01 16:33 - 2014-03-01 16:33 - 02155520 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe
2014-03-01 16:25 - 2013-07-27 11:21 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118408264-1509292953-1894101598-1001
2014-03-01 16:15 - 2013-07-27 11:52 - 00001122 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 16:13 - 2013-07-27 11:11 - 01784999 _____ () C:\windows\WindowsUpdate.log
2014-03-01 16:11 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-01 16:06 - 2014-03-01 16:06 - 00003029 _____ () C:\Users\Sabine\Desktop\Microsoft Word 2010.lnk
2014-03-01 16:05 - 2014-03-01 16:05 - 00000000 ____D () C:\windows\PCHEALTH
2014-03-01 16:05 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-01 16:03 - 2014-03-01 16:03 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-01 16:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Microsoft Help
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-01 16:01 - 2012-07-26 08:52 - 00000000 ____D () C:\windows\ShellNew
2014-03-01 16:00 - 2014-03-01 16:00 - 00000000 __RHD () C:\MSOCache
2014-03-01 16:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-03-01 15:44 - 2014-02-22 08:56 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\sweet-page
2014-03-01 15:44 - 2013-07-27 11:53 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-01 15:44 - 2013-07-27 11:14 - 00001453 _____ () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-01 15:40 - 2014-03-01 15:39 - 00000000 ____D () C:\Program Files\office.tmp
2014-03-01 15:38 - 2013-07-27 11:52 - 00001118 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 10:51 - 2013-07-27 11:12 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Packages
2014-02-27 04:40 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-02-22 09:16 - 2014-02-22 08:57 - 00000000 ____D () C:\ProgramData\WPM
2014-02-22 09:16 - 2014-02-22 08:57 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-02-22 09:16 - 2014-02-22 08:55 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\systweak
2014-02-22 09:07 - 2014-02-22 09:06 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\ElsterFormular-15.0.20140212p.exe
2014-02-22 08:57 - 2014-02-22 08:57 - 126569880 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\elsterformular [1].exe
2014-02-22 08:54 - 2014-02-22 08:54 - 00660944 _____ ( ) C:\Users\Sabine\Downloads\elsterformular.exe
2014-02-19 10:47 - 2013-08-16 09:11 - 00000000 ____D () C:\windows\system32\MRT
2014-02-19 10:45 - 2013-07-29 08:53 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-17 23:03 - 2013-11-15 04:54 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-11-15 04:54 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 21:10 - 2013-07-27 11:52 - 00004094 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 21:10 - 2013-07-27 11:52 - 00003858 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 04:35 - 2012-08-01 17:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-02-14 04:35 - 2012-08-01 17:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-02-14 04:35 - 2012-07-26 08:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-14 04:30 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-13 05:15 - 2012-07-26 06:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-02-07 16:36 - 2012-11-14 03:05 - 00122708 _____ () C:\windows\PFRO.log
2014-02-07 04:35 - 2013-07-27 18:28 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-07 04:34 - 2014-02-07 04:34 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 01038072 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00421704 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-07 04:34 - 2013-07-27 18:28 - 00207904 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-02-07 04:34 - 2013-07-27 18:27 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-02 10:44 - 2014-02-02 10:44 - 00000307 _____ () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Systemsteuerung.lnk
2014-02-02 10:01 - 2012-07-26 08:21 - 00024404 _____ () C:\windows\setupact.log
2014-02-01 10:20 - 2014-02-12 03:16 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 03:16 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 03:16 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 03:16 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 03:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 03:16 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 03:16 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 03:16 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 03:16 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 03:16 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 03:16 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\Sabine\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Sabine\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_fa07fa8e-dc9f-40bf-979a-c906983097ca_TX_DB_ (1).exe
C:\Users\Sabine\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_fa07fa8e-dc9f-40bf-979a-c906983097ca_TX_DB_.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-27 07:15

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
Ran by Sabine at 2014-03-01 16:36:06
Running from C:\Users\Sabine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Definition update for Microsoft Office 2010 (KB982726) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version:  - Microsoft)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG)
Nero BackItUp (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.17500 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15300 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18200 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.18900 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.6000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.972 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Restore Points  =========================

12-02-2014 03:00:17 Windows Update
19-02-2014 09:44:52 Windows Update
22-02-2014 08:01:19 RegClean Pro Sa, Feb 22, 14  09:01
01-03-2014 15:00:20 Installed Microsoft Office Home and Student 2010

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {6D3F6E6E-8503-4E37-8A5E-4809916F7EC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {9A0C5FF2-44D2-4BB0-8B69-C45C4CBD0722} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BCF6FEEA-8AB7-49F5-88C5-AF23C7B17719} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {C384932C-0316-49C9-8E5A-6889A76D11E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C9D6ACA8-B8DF-4FA7-ACCD-FAEFA0047269} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-07] (AVAST Software)
Task: {CC2BDBC3-5414-4C4D-899A-32B9CC5741A3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4118408264-1509292953-1894101598-1001
Task: {CCC28DC6-C167-4339-98A5-A2681EE0E08A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-04 23:19 - 2012-09-04 23:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2014-02-13 04:38 - 2014-02-12 18:52 - 02180096 _____ () C:\Program Files\AVAST Software\Avast\defs\14021202\algo.dll
2014-03-01 16:30 - 2014-03-01 11:15 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030100\algo.dll
2013-02-01 23:51 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-24 12:09 - 2013-10-24 12:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-21 10:18 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 10:18 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2014 04:12:26 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/28/2014 04:28:20 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/27/2014 04:33:07 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/26/2014 04:46:23 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/24/2014 04:00:52 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/23/2014 09:37:41 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/22/2014 06:49:23 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/22/2014 05:36:40 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/20/2014 06:23:33 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/20/2014 04:18:55 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (02/22/2014 09:16:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update FindRight" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/14/2014 04:29:47 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (02/07/2014 04:53:26 PM) (Source: DCOM) (User: LÄPPI)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (02/07/2014 04:36:09 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (02/07/2014 04:30:59 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (01/29/2014 08:30:47 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (01/26/2014 00:51:47 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (01/21/2014 04:41:06 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (12/21/2013 08:26:43 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{6513026d-3369-11e2-af07-8d9743929997}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D94670CE-25E8-4FE4-9A81-FBB58C58E909}

Error: (12/21/2013 08:26:08 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\system32\config\SYSTEM


Microsoft Office Sessions:
=========================
Error: (03/01/2014 04:12:26 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/28/2014 04:28:20 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/27/2014 04:33:07 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/26/2014 04:46:23 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/24/2014 04:00:52 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/23/2014 09:37:41 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/22/2014 06:49:23 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/22/2014 05:36:40 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/20/2014 06:23:33 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (02/20/2014 04:18:55 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3979.21 MB
Available physical RAM: 2249.22 MB
Total Pagefile: 4683.21 MB
Available Pagefile: 2857.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (TI31018700A) (Fixed) (Total:454.92 GB) (Free:419.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Thanks for the help
__________________
Best regards,

Kuhlambo12

01.03.2014, 17:48   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please turn off your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

01.03.2014, 19:49   #3
kuhlambo12

Hi schrauber,

here is the log file from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.01.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Sabine :: LÄPPI [Administrator]

01.03.2014 18:03:14
mbam-log-2014-03-01 (18-03-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212493
Laufzeit: 4 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\sweet-pageSoftware (PUP.Optional.SweetPage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0B1G1O1S0V1G1F -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.SweetPage.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.SweetPage.A) -> Bösartig: (hxxp://www.sweet-page.com/web/?type=ds&ts=1393055792&from=cor&uid=HitachiXHTS547550A9E384_120912J2360051FVTSZCX&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Sabine\AppData\Local\Temp\fullpackage_temp1393055748\package1.zip (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabine\AppData\Local\Temp\fullpackage_temp1393055748\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabine\AppData\Local\Temp\fullpackage_temp1393055748\tmp\wpm.exe (PUP.Optional.WpManager) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabine\Downloads\elsterformular.exe (PUP.Optional.Worldsetup) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The rest will follow shortly.

AdwCleaner:

Code:
# AdwCleaner v3.020 - Bericht erstellt am 01/03/2014 um 18:18:16
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Sabine - LÄPPI
# Gestartet von : C:\Users\Sabine\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\FindRight
Ordner Gelöscht : C:\Users\Sabine\AppData\Roaming\Systweak
Datei Gelöscht : C:\windows\System32\roboot64.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.117

[ Datei : C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2025 octets] - [01/03/2014 18:16:52]
AdwCleaner[S0].txt - [1526 octets] - [01/03/2014 18:18:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1586 octets] ##########
         
JRT log file:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Sabine on 01.03.2014 at 18:23:55,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2014 at 18:28:33,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
Ran by Sabine (administrator) on LÄPPI on 01-03-2014 18:31:41
Running from C:\Users\Sabine\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {6A6E00A3-CE42-408C-B05C-B8376F477BB7} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-27]
CHR Extension: (Google Drive) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-27]
CHR Extension: (YouTube) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27]
CHR Extension: (Adblock Plus) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-29]
CHR Extension: (Google-Suche) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27]
CHR Extension: (avast! Online Security) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2013-07-27]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-07] (AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-07] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-07] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-07] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-07] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 18:31 - 2014-03-01 18:31 - 00011848 _____ () C:\Users\Sabine\Desktop\FRST.txt
2014-03-01 18:30 - 2014-03-01 18:31 - 00000000 ____D () C:\Users\Sabine\Desktop\TB und Security
2014-03-01 18:23 - 2014-03-01 18:23 - 00000000 ____D () C:\windows\ERUNT
2014-03-01 18:16 - 2014-03-01 18:18 - 00000000 ____D () C:\AdwCleaner
2014-03-01 17:58 - 2014-03-01 17:58 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Malwarebytes
2014-03-01 17:57 - 2014-03-01 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 17:57 - 2014-03-01 17:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-01 16:53 - 2014-03-01 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-03-01 16:53 - 2014-03-01 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-03-01 16:35 - 2014-03-01 18:31 - 00000000 ____D () C:\FRST
2014-03-01 16:33 - 2014-03-01 16:33 - 02155520 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe
2014-03-01 16:06 - 2014-03-01 16:06 - 00003029 _____ () C:\Users\Sabine\Desktop\Microsoft Word 2010.lnk
2014-03-01 16:05 - 2014-03-01 16:05 - 00000000 ____D () C:\windows\PCHEALTH
2014-03-01 16:03 - 2014-03-01 16:03 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-01 16:01 - 2014-03-01 17:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-01 16:01 - 2014-03-01 16:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Microsoft Help
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-01 16:00 - 2014-03-01 16:00 - 00000000 __RHD () C:\MSOCache
2014-03-01 15:39 - 2014-03-01 18:13 - 00000000 ____D () C:\Program Files\office.tmp
2014-02-22 09:06 - 2014-02-22 09:07 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\ElsterFormular-15.0.20140212p.exe
2014-02-22 08:57 - 2014-02-22 08:57 - 126569880 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\elsterformular [1].exe
2014-02-22 08:56 - 2014-03-01 15:44 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\sweet-page
2014-02-12 03:17 - 2013-11-27 01:19 - 00385614 _____ () C:\windows\system32\ApnDatabase.xml
2014-02-12 03:17 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-02-12 03:17 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-02-12 03:16 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-12 03:16 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 03:16 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 03:16 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-12 03:16 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 03:16 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-12 03:16 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 03:16 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 03:16 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 03:16 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-12 03:16 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 03:16 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 03:16 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-02-12 03:16 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 03:16 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 03:16 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 03:16 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 03:15 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 03:15 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 03:15 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-12 03:15 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-07 04:34 - 2014-02-07 04:34 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-02-02 10:44 - 2014-02-02 10:44 - 00000307 _____ () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Systemsteuerung.lnk

==================== One Month Modified Files and Folders =======

2014-03-01 18:31 - 2014-03-01 18:31 - 00011848 _____ () C:\Users\Sabine\Desktop\FRST.txt
2014-03-01 18:31 - 2014-03-01 18:30 - 00000000 ____D () C:\Users\Sabine\Desktop\TB und Security
2014-03-01 18:31 - 2014-03-01 16:35 - 00000000 ____D () C:\FRST
2014-03-01 18:29 - 2013-07-27 11:11 - 01169942 _____ () C:\windows\WindowsUpdate.log
2014-03-01 18:23 - 2014-03-01 18:23 - 00000000 ____D () C:\windows\ERUNT
2014-03-01 18:23 - 2012-08-01 17:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-03-01 18:23 - 2012-08-01 17:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-03-01 18:23 - 2012-07-26 08:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-01 18:19 - 2013-07-27 11:52 - 00001118 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 18:19 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-01 18:18 - 2014-03-01 18:16 - 00000000 ____D () C:\AdwCleaner
2014-03-01 18:18 - 2012-07-26 06:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-03-01 18:15 - 2013-07-27 11:52 - 00001122 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 18:13 - 2014-03-01 15:39 - 00000000 ____D () C:\Program Files\office.tmp
2014-03-01 18:13 - 2014-01-21 04:41 - 00427392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-01 18:13 - 2012-11-14 03:05 - 00144322 _____ () C:\windows\PFRO.log
2014-03-01 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-03-01 17:58 - 2014-03-01 17:58 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\Malwarebytes
2014-03-01 17:57 - 2014-03-01 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 17:57 - 2014-03-01 17:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 17:03 - 2014-03-01 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-01 16:53 - 2014-03-01 16:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-03-01 16:53 - 2014-03-01 16:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-03-01 16:33 - 2014-03-01 16:33 - 02155520 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe
2014-03-01 16:25 - 2013-07-27 11:21 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118408264-1509292953-1894101598-1001
2014-03-01 16:06 - 2014-03-01 16:06 - 00003029 _____ () C:\Users\Sabine\Desktop\Microsoft Word 2010.lnk
2014-03-01 16:05 - 2014-03-01 16:05 - 00000000 ____D () C:\windows\PCHEALTH
2014-03-01 16:05 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-01 16:03 - 2014-03-01 16:03 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-01 16:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Microsoft Help
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-01 16:01 - 2014-03-01 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-01 16:01 - 2012-07-26 08:52 - 00000000 ____D () C:\windows\ShellNew
2014-03-01 16:00 - 2014-03-01 16:00 - 00000000 __RHD () C:\MSOCache
2014-03-01 15:44 - 2014-02-22 08:56 - 00000000 ____D () C:\Users\Sabine\AppData\Roaming\sweet-page
2014-03-01 15:44 - 2013-07-27 11:53 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-01 15:44 - 2013-07-27 11:14 - 00001453 _____ () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-01 10:51 - 2013-07-27 11:12 - 00000000 ____D () C:\Users\Sabine\AppData\Local\Packages
2014-02-27 04:40 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-02-22 09:07 - 2014-02-22 09:06 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\ElsterFormular-15.0.20140212p.exe
2014-02-22 08:57 - 2014-02-22 08:57 - 126569880 _____ (Landesfinanzdirektion Thüringen) C:\Users\Sabine\Downloads\elsterformular [1].exe
2014-02-19 10:47 - 2013-08-16 09:11 - 00000000 ____D () C:\windows\system32\MRT
2014-02-19 10:45 - 2013-07-29 08:53 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-17 23:03 - 2013-11-15 04:54 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-11-15 04:54 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 21:10 - 2013-07-27 11:52 - 00004094 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 21:10 - 2013-07-27 11:52 - 00003858 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-07 04:35 - 2013-07-27 18:28 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-07 04:34 - 2014-02-07 04:34 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 01038072 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00421704 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-07 04:34 - 2013-07-27 18:28 - 00207904 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-07 04:34 - 2013-07-27 18:28 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-02-07 04:34 - 2013-07-27 18:27 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-02 10:44 - 2014-02-02 10:44 - 00000307 _____ () C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Systemsteuerung.lnk
2014-02-02 10:01 - 2012-07-26 08:21 - 00024404 _____ () C:\windows\setupact.log
2014-02-01 10:20 - 2014-02-12 03:16 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 03:16 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 03:16 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 03:16 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 03:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 03:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 03:16 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 03:16 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 03:16 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 03:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 03:16 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 03:16 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 03:16 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\Sabine\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Sabine\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabine\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_fa07fa8e-dc9f-40bf-979a-c906983097ca_TX_DB_ (1).exe
C:\Users\Sabine\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_fa07fa8e-dc9f-40bf-979a-c906983097ca_TX_DB_.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-27 07:15

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
Ran by Sabine at 2014-03-01 18:32:06
Running from C:\Users\Sabine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG)
Nero BackItUp (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.17500 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15300 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18200 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.18900 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.6000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6406 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.972 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Restore Points  =========================

12-02-2014 03:00:17 Windows Update
19-02-2014 09:44:52 Windows Update
22-02-2014 08:01:19 RegClean Pro Sa, Feb 22, 14  09:01
01-03-2014 15:00:20 Installed Microsoft Office Home and Student 2010

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {6D3F6E6E-8503-4E37-8A5E-4809916F7EC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {9A0C5FF2-44D2-4BB0-8B69-C45C4CBD0722} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BCF6FEEA-8AB7-49F5-88C5-AF23C7B17719} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {C384932C-0316-49C9-8E5A-6889A76D11E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C9D6ACA8-B8DF-4FA7-ACCD-FAEFA0047269} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-07] (AVAST Software)
Task: {CC2BDBC3-5414-4C4D-899A-32B9CC5741A3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4118408264-1509292953-1894101598-1001
Task: {CCC28DC6-C167-4339-98A5-A2681EE0E08A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-04 23:19 - 2012-09-04 23:19 - 02611112 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2014-03-01 16:30 - 2014-03-01 11:15 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030100\algo.dll
2013-10-24 12:09 - 2013-10-24 12:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-02-01 23:51 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-21 10:18 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 10:18 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 10:18 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3979.21 MB
Available physical RAM: 2701.69 MB
Total Pagefile: 4683.21 MB
Available Pagefile: 3246.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI31018700A) (Fixed) (Total:454.92 GB) (Free:417.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Tomorrow I'll also take a look at my mother's "big PC"; I'm curious to see what turns up.

Small addendum: when JRT was run, an error message appeared that referred to a JRT file, but I was able to skip it and the tool then simply carried on normally.
__________________

02.03.2014, 18:24   #4
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.03.2014, 14:36   #5
kuhlambo12

So, first the ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f8125b9e26ac7844b8af3786166fe339
# engine=17286
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-02 06:46:13
# local_time=2014-03-02 07:46:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=774 16777213 85 77 2002166 2045500 0 0
# compatibility_mode=5893 16776574 100 94 11977632 53292084 0 0
# scanned=172069
# found=0
# cleaned=0
# scan_time=3590
         


and the SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast AvastSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

By the way:

Quote:
Make sure that Remove Found Threads is not ticked.
a spelling mistake has crept in at ThreaT

Otherwise everything is very good again so far; the laptop is noticeably faster again, and Malwarebytes found nothing more even after a check scan.

Many thanks

I just ran Malwarebytes on my own computer as a check:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Tim :: TIM-PC [Administrator]

03.03.2014 14:31:32
mbam-log-2014-03-03 (14-31-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209891
Laufzeit: 1 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tim\AppData\Local\Temp\yKDdMxR2.exe.part (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
That should be fixed now though, right?

Odd, because I can't remember ever having downloaded anything via Softonic.



Log files from my mother's computer will follow in the course of the day.


Merci Mr. Machine :P

__________________
Best regards,

Kuhlambo12

Edited by kuhlambo12 (03.03.2014 at 14:37). Reason: grammar

04.03.2014, 11:35   #6
schrauber
/// the machine
/// TB trainer

Yep, all good

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend towards somewhat more security than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

04.03.2014, 14:41   #7
kuhlambo12

All right, I'll post FRST logs from my mother's main computer later here in the same thread, because she has presumably also installed there the same program with which SweetPage got onto the laptop.

Here are the FRST logs from my mother's computer.

A short description of the problem: the computer has become noticeably slower over the last few months and now and then hangs after booting:

Quote from my mother: "I didn't press anything, the activity light just stays lit continuously and then I have to wait until it continues after a few minutes"



FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by User (administrator) on USER-PC on 04-03-2014 14:36:59
Running from D:\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFHE.EXE
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-17] (AVAST Software)
HKU\S-1-5-21-3705449284-2357449535-4002406552-1000\...\Run: [EPSON BX310FN Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3705449284-2357449535-4002406552-1000\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3705449284-2357449535-4002406552-1000\...\MountPoints2: {7cec90e7-5c1f-11e2-adf7-c86000627a19} - F:\Startme.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE9F6AD30D82CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default
FF Homepage: hxxp://webmail.osnanet.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-24]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-08-24]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-01]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S2 waclient; C:\Windows\SysWOW64\drivers\waclient.sys [31328 2012-09-11] (PortWise)
S3 AIDA64Driver; \??\F:\#Dauertest#\AIDA64 Home Edition v1.85.1600\kerneld.x64 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-04 14:36 - 2014-03-04 14:36 - 00000000 ____D () C:\FRST
2014-03-03 22:02 - 2014-03-03 22:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lazy Turtle Games
2014-03-03 20:54 - 2014-03-03 20:54 - 00000000 ____D () C:\ProgramData\MysteryChronicles
2014-03-02 21:32 - 2014-03-02 21:32 - 00000000 ____D () C:\Program Files (x86)\Mystery Chronicles - Mord unter Freunden
2014-03-02 21:24 - 2014-03-02 21:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Chronicles - Verrat und Liebe
2014-03-02 21:24 - 2014-03-02 21:24 - 00000000 ____D () C:\Program Files (x86)\Mystery Chronicles - Verrat und Liebe
2014-03-02 21:11 - 2014-03-02 21:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Heritage - Zeichen des Geists
2014-03-02 21:11 - 2014-03-02 21:11 - 00000000 ____D () C:\Program Files (x86)\Mystery Heritage - Zeichen des Geists
2014-03-02 20:55 - 2014-03-02 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Legends - Beauty and the Beast
2014-03-02 20:55 - 2014-03-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Mystery Legends - Beauty and the Beast
2014-03-02 20:51 - 2014-03-02 20:52 - 00000000 ____D () C:\Program Files (x86)\Mystery Masterpiece - Der Mondstein
2014-03-02 20:51 - 2014-03-02 20:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Masterpiece - Der Mondstein
2014-03-02 20:35 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files (x86)\Mystery Murders - Jack the Ripper
2014-03-02 20:35 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Jack the Ripper
2014-02-28 22:52 - 2014-02-28 22:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Dire Grove
2014-02-28 22:52 - 2014-02-28 22:52 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Dire Grove
2014-02-28 22:23 - 2014-02-28 22:27 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Fates Carnival
2014-02-28 22:23 - 2014-02-28 22:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Fates Carnival
2014-02-28 21:59 - 2014-02-28 22:12 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Flucht aus Ravenhearst Sammleredition
2014-02-28 21:59 - 2014-02-28 21:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Flucht aus Ravenhearst Sammleredition
2014-02-28 21:19 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-28 21:19 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-28 21:19 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-28 21:19 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-28 21:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-28 21:18 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-28 20:34 - 2014-03-02 20:01 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Rueckkehr nach Ravenhearst
2014-02-28 20:34 - 2014-02-28 20:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Rueckkehr nach Ravenhearst
2014-02-28 20:22 - 2014-02-28 20:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA2
2014-02-27 22:55 - 2014-02-27 22:56 - 00000000 ____D () C:\Users\User\Elster
2014-02-27 22:44 - 2014-02-27 22:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\elsterformular
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\ProgramData\elsterformular
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-27 13:13 - 2014-02-27 13:47 - 00000445 _____ () C:\Users\User\AppData\Roaming\prefsdb.dat
2014-02-27 13:13 - 2014-02-27 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\perfect future studio
2014-02-27 12:58 - 2014-02-27 13:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\SAD-Kartendesigner
2014-02-27 12:58 - 2014-02-27 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S.A.D
2014-02-26 22:20 - 2014-02-26 23:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Gold Casual Games
2014-02-26 21:19 - 2014-02-26 21:19 - 00000000 ____D () C:\Users\User\Mushroom Age
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Color Brush
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\ProgramData\Color Brush
2014-02-26 20:06 - 2014-02-26 20:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Alawar Stargaze
2014-02-26 01:07 - 2014-02-27 22:58 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 00:05 - 2014-02-26 00:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\HillStoneAnimationStudios
2014-02-25 22:54 - 2014-02-25 22:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Legacy Games
2014-02-23 23:04 - 2014-02-23 23:04 - 00000000 ____D () C:\Users\User\Million
2014-02-23 22:00 - 2014-02-23 22:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Jetdogs Studios
2014-02-23 00:02 - 2014-02-23 00:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\MemoryClinic
2014-02-22 20:53 - 2014-02-22 21:53 - 00000000 ____D () C:\ProgramData\SugarGames
2014-02-21 23:45 - 2014-02-21 23:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\MastersOfMystery2
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nemopolis
2014-02-20 23:49 - 2014-02-20 23:49 - 00000000 ____D () C:\ProgramData\BigFishSavedGames
2014-02-20 22:57 - 2014-02-20 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Inertia Game Studios
2014-02-20 21:50 - 2014-02-20 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\margrave3_full
2014-02-19 23:30 - 2014-02-19 23:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\TheFixerUpper
2014-02-19 21:29 - 2014-02-19 21:29 - 00000000 ____D () C:\ProgramData\MarcoPolo
2014-02-19 21:01 - 2014-02-19 21:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\GameDevo
2014-02-18 22:06 - 2014-02-18 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic3
2014-02-18 21:09 - 2014-02-18 21:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy 2
2014-02-18 19:56 - 2014-02-18 19:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy
2014-02-17 20:29 - 2014-02-17 20:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\BrandX Games
2014-02-16 19:27 - 2014-02-16 21:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\MediaArt
2014-02-16 19:27 - 2014-02-16 21:28 - 00000000 ____D () C:\ProgramData\MediaArt
2014-02-15 21:11 - 2014-02-15 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 20:55 - 2014-02-27 19:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\VendelGAMES
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Namco
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\REXARD
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\ProgramData\REXARD
2014-02-13 23:38 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 23:38 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 23:38 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 23:38 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 23:38 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 23:38 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 23:38 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 23:38 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 23:38 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 23:38 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 23:38 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 23:38 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 23:38 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 23:38 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 23:38 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 23:38 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 23:38 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 23:38 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 23:38 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 23:38 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 23:38 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 23:38 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 23:38 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 23:38 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 23:38 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 23:38 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 23:38 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 23:38 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 23:38 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 23:38 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 23:38 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 23:38 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 23:38 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 23:38 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 23:38 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 23:38 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 23:38 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 23:38 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 23:38 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 23:38 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 23:38 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:17 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:17 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:16 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:16 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:16 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:16 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:16 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:16 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:16 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:16 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:16 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:16 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:16 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:16 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:16 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:16 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:16 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:16 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:16 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:16 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 20:15 - 2014-02-13 20:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lost in the City
2014-02-12 21:27 - 2014-02-12 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\blg
2014-02-12 21:27 - 2014-02-12 22:27 - 00000000 ____D () C:\ProgramData\blg
2014-02-11 21:11 - 2014-02-11 22:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\4 Friends Games
2014-02-10 19:59 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Chayowo Games
2014-02-09 19:13 - 2014-02-09 19:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\YoudaGames
2014-02-07 22:49 - 2014-02-07 22:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\MoonriseInteractive
2014-02-07 19:43 - 2014-02-07 19:43 - 00000000 ____D () C:\ProgramData\Astar Games
2014-02-06 20:57 - 2014-02-06 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\CattaleGames
2014-02-04 21:23 - 2014-02-04 21:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kingdom of Seven Seals
2014-02-04 20:23 - 2014-02-04 20:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\KingArthur
2014-02-03 23:11 - 2014-02-07 21:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mariaglorum
2014-02-03 20:14 - 2014-02-03 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bicyclestudios
2014-02-03 20:14 - 2014-02-03 20:14 - 00000000 ____D () C:\ProgramData\Bicyclestudios
2014-02-02 21:41 - 2014-02-02 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Sleepwalker Games

==================== One Month Modified Files and Folders =======

2014-03-04 14:36 - 2014-03-04 14:36 - 00000000 ____D () C:\FRST
2014-03-04 14:33 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 14:33 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 14:30 - 2012-10-29 20:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 14:30 - 2010-11-21 07:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-04 14:30 - 2010-11-21 07:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-04 14:29 - 2012-08-24 16:02 - 01372380 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 14:26 - 2013-04-29 16:16 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 14:26 - 2012-08-24 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-04 14:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 14:26 - 2009-07-14 05:51 - 00081475 _____ () C:\Windows\setupact.log
2014-03-03 22:02 - 2014-03-03 22:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lazy Turtle Games
2014-03-03 22:00 - 2012-08-24 17:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 21:54 - 2013-04-29 16:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 20:54 - 2014-03-03 20:54 - 00000000 ____D () C:\ProgramData\MysteryChronicles
2014-03-03 20:42 - 2013-11-21 21:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Big Fish Games
2014-03-03 20:13 - 2010-11-21 04:47 - 00336756 _____ () C:\Windows\PFRO.log
2014-03-02 22:48 - 2013-08-12 18:44 - 00000000 ____D () C:\BigFishCache
2014-03-02 21:58 - 2012-09-23 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Elephant Games
2014-03-02 21:32 - 2014-03-02 21:32 - 00000000 ____D () C:\Program Files (x86)\Mystery Chronicles - Mord unter Freunden
2014-03-02 21:24 - 2014-03-02 21:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Chronicles - Verrat und Liebe
2014-03-02 21:24 - 2014-03-02 21:24 - 00000000 ____D () C:\Program Files (x86)\Mystery Chronicles - Verrat und Liebe
2014-03-02 21:11 - 2014-03-02 21:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Heritage - Zeichen des Geists
2014-03-02 21:11 - 2014-03-02 21:11 - 00000000 ____D () C:\Program Files (x86)\Mystery Heritage - Zeichen des Geists
2014-03-02 20:55 - 2014-03-02 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Legends - Beauty and the Beast
2014-03-02 20:55 - 2014-03-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Mystery Legends - Beauty and the Beast
2014-03-02 20:52 - 2014-03-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Mystery Masterpiece - Der Mondstein
2014-03-02 20:51 - 2014-03-02 20:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Masterpiece - Der Mondstein
2014-03-02 20:36 - 2014-03-02 20:35 - 00000000 ____D () C:\Program Files (x86)\Mystery Murders - Jack the Ripper
2014-03-02 20:35 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Jack the Ripper
2014-03-02 20:01 - 2014-02-28 20:34 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Rueckkehr nach Ravenhearst
2014-03-02 19:24 - 2012-09-01 12:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-28 23:25 - 2012-09-01 22:25 - 00000250 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-02-28 22:52 - 2014-02-28 22:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Dire Grove
2014-02-28 22:52 - 2014-02-28 22:52 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Dire Grove
2014-02-28 22:27 - 2014-02-28 22:23 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Fates Carnival
2014-02-28 22:23 - 2014-02-28 22:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Fates Carnival
2014-02-28 22:12 - 2014-02-28 21:59 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Flucht aus Ravenhearst Sammleredition
2014-02-28 21:59 - 2014-02-28 21:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Flucht aus Ravenhearst Sammleredition
2014-02-28 20:34 - 2014-02-28 20:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Rueckkehr nach Ravenhearst
2014-02-28 20:22 - 2014-02-28 20:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA2
2014-02-27 22:58 - 2014-02-26 01:07 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 22:56 - 2014-02-27 22:55 - 00000000 ____D () C:\Users\User\Elster
2014-02-27 22:44 - 2014-02-27 22:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\elsterformular
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA
2014-02-27 19:34 - 2014-02-15 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\VendelGAMES
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\ProgramData\elsterformular
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-27 13:47 - 2014-02-27 13:13 - 00000445 _____ () C:\Users\User\AppData\Roaming\prefsdb.dat
2014-02-27 13:13 - 2014-02-27 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\perfect future studio
2014-02-27 13:11 - 2014-02-27 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\SAD-Kartendesigner
2014-02-27 12:58 - 2014-02-27 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S.A.D
2014-02-27 12:58 - 2013-12-13 20:54 - 00000000 ____D () C:\Program Files (x86)\S.A.D
2014-02-26 23:20 - 2014-02-26 22:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Gold Casual Games
2014-02-26 22:49 - 2013-09-02 20:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-02-26 22:49 - 2013-09-02 20:03 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-02-26 22:49 - 2013-09-02 20:03 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-02-26 22:49 - 2013-09-02 20:03 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-02-26 21:19 - 2014-02-26 21:19 - 00000000 ____D () C:\Users\User\Mushroom Age
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Color Brush
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\ProgramData\Color Brush
2014-02-26 20:06 - 2014-02-26 20:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Alawar Stargaze
2014-02-26 19:05 - 2013-10-30 21:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\AlawarEntertainment
2014-02-26 00:05 - 2014-02-26 00:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\HillStoneAnimationStudios
2014-02-25 22:54 - 2014-02-25 22:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Legacy Games
2014-02-25 21:50 - 2013-10-14 20:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\LegacyInteractive
2014-02-23 23:04 - 2014-02-23 23:04 - 00000000 ____D () C:\Users\User\Million
2014-02-23 22:00 - 2014-02-23 22:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Jetdogs Studios
2014-02-23 21:00 - 2014-01-02 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Gogii
2014-02-23 20:45 - 2013-09-29 19:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\MumboJumbo
2014-02-23 19:39 - 2013-08-22 19:38 - 00000000 ____D () C:\ProgramData\MumboJumbo
2014-02-23 00:02 - 2014-02-23 00:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\MemoryClinic
2014-02-22 23:00 - 2013-09-24 20:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\EleFun Games
2014-02-22 21:53 - 2014-02-22 20:53 - 00000000 ____D () C:\ProgramData\SugarGames
2014-02-21 23:46 - 2014-02-21 23:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\MastersOfMystery2
2014-02-21 21:55 - 2013-09-16 20:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Merscom
2014-02-21 21:55 - 2013-09-16 20:18 - 00000000 ____D () C:\ProgramData\Merscom
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nemopolis
2014-02-20 23:49 - 2014-02-20 23:49 - 00000000 ____D () C:\ProgramData\BigFishSavedGames
2014-02-20 22:57 - 2014-02-20 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Inertia Game Studios
2014-02-20 22:01 - 2012-08-24 17:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 22:00 - 2012-08-24 17:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:00 - 2012-08-24 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 21:50 - 2014-02-20 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\margrave3_full
2014-02-20 20:49 - 2013-08-23 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\ERS Game Studios
2014-02-19 23:30 - 2014-02-19 23:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\TheFixerUpper
2014-02-19 21:29 - 2014-02-19 21:29 - 00000000 ____D () C:\ProgramData\MarcoPolo
2014-02-19 21:01 - 2014-02-19 21:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\GameDevo
2014-02-19 19:49 - 2013-04-29 16:16 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 19:49 - 2013-04-29 16:16 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 23:53 - 2013-09-29 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Meridian93
2014-02-18 22:53 - 2013-09-07 21:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\V-Games
2014-02-18 22:06 - 2014-02-18 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic3
2014-02-18 21:09 - 2014-02-18 21:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy 2
2014-02-18 19:56 - 2014-02-18 19:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy
2014-02-17 23:05 - 2013-09-09 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\DikobrazGames
2014-02-17 20:29 - 2014-02-17 20:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\BrandX Games
2014-02-17 19:54 - 2013-10-22 20:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Blue Tea Games
2014-02-17 11:42 - 2014-01-14 18:01 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-17 11:42 - 2012-09-01 12:34 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-17 11:42 - 2012-09-01 12:34 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-02-17 11:42 - 2012-09-01 12:34 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-17 11:42 - 2012-09-01 12:34 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-17 11:42 - 2012-09-01 12:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-17 11:41 - 2012-08-24 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 21:28 - 2014-02-16 19:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\MediaArt
2014-02-16 21:28 - 2014-02-16 19:27 - 00000000 ____D () C:\ProgramData\MediaArt
2014-02-15 23:58 - 2013-08-13 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 23:57 - 2012-08-24 17:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 22:56 - 2012-09-04 21:41 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-02-15 21:12 - 2014-02-15 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Namco
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\REXARD
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\ProgramData\REXARD
2014-02-14 21:00 - 2013-10-19 21:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Fenomen Games
2014-02-13 23:48 - 2012-08-24 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 23:26 - 2013-09-08 22:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\GameMill Entertainment
2014-02-13 20:26 - 2014-02-13 20:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lost in the City
2014-02-12 22:27 - 2014-02-12 21:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\blg
2014-02-12 22:27 - 2014-02-12 21:27 - 00000000 ____D () C:\ProgramData\blg
2014-02-12 20:27 - 2013-11-02 21:36 - 00000000 ____D () C:\ProgramData\Intenium
2014-02-12 20:07 - 2013-10-20 18:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Vast Studios
2014-02-12 19:55 - 2013-01-11 23:57 - 00293814 _____ () C:\Windows\DPINST.LOG
2014-02-11 22:38 - 2014-02-11 21:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\4 Friends Games
2014-02-10 22:01 - 2013-08-24 21:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Awem
2014-02-10 19:59 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Chayowo Games
2014-02-09 21:27 - 2013-10-29 22:07 - 00000000 ____D () C:\Users\User\AppData\Roaming\DominiGames
2014-02-09 19:13 - 2014-02-09 19:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\YoudaGames
2014-02-07 22:49 - 2014-02-07 22:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\MoonriseInteractive
2014-02-07 21:48 - 2014-02-03 23:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mariaglorum
2014-02-07 19:43 - 2014-02-07 19:43 - 00000000 ____D () C:\ProgramData\Astar Games
2014-02-06 20:57 - 2014-02-06 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\CattaleGames
2014-02-06 19:57 - 2013-08-24 19:40 - 00000000 ____D () C:\ProgramData\Fenomen Games
2014-02-06 13:16 - 2014-02-13 23:38 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 23:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 23:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 23:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 23:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 23:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 23:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 23:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 23:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 23:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 23:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 23:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 23:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 23:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 23:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 23:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 23:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 23:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 23:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 23:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 23:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 23:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 23:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 23:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 23:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 23:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 23:38 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 23:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 23:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 23:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 23:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 23:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 23:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 23:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 21:24 - 2014-02-04 21:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kingdom of Seven Seals
2014-02-04 21:23 - 2013-08-12 20:09 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-04 20:23 - 2014-02-04 20:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\KingArthur
2014-02-04 19:16 - 2013-08-21 20:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\URSE Games
2014-02-03 22:19 - 2013-11-21 20:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Frogwares
2014-02-03 20:14 - 2014-02-03 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bicyclestudios
2014-02-03 20:14 - 2014-02-03 20:14 - 00000000 ____D () C:\ProgramData\Bicyclestudios
2014-02-02 21:41 - 2014-02-02 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Sleepwalker Games
2014-02-02 20:41 - 2013-10-20 21:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Artifex Mundi

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-08-24 18:58

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by User at 2014-03-04 14:37:27
Running from D:\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

123 Free Solitaire 2009 v7.2 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames.com)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Coffee Rush (HKLM-x32\...\BFG-Coffee Rush) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Druckerdeinstallation für EPSON BX310FN Series (HKLM\...\EPSON BX310FN Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version:  - )
Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus Office BX310FN_TX510FN Handbuch (HKLM-x32\...\Epson Stylus Office BX310FN_TX510FN Benutzerhandbuch) (Version:  - )
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1b - SEIKO EPSON CORPORATION)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Kartendesigner 5 Gruß und Einladung v5.0 (HKLM-x32\...\Kartendesigner 5 Gruß und Einladung) (Version: 5.0 - S.A.D.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mystery Case Files®: Dire Grove™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
Mystery Case Files®: Fate's Carnival (HKLM-x32\...\BFG-Mystery Case Files - Fates Carnival) (Version:  - )
Mystery Case Files®: Flucht aus Ravenhearst™ Sammleredition (HKLM-x32\...\BFG-Mystery Case Files - Flucht aus Ravenhearst Sammleredition) (Version:  - )
Mystery Case Files: Rückkehr nach Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Rueckkehr nach Ravenhearst) (Version:  - )
Mystery Chronicles: Mord unter Freunden (HKLM-x32\...\BFG-Mystery Chronicles - Mord unter Freunden) (Version:  - )
Mystery Chronicles: Verrat und Liebe (HKLM-x32\...\BFG-Mystery Chronicles - Verrat und Liebe) (Version:  - )
Mystery Heritage: Zeichen des Geists (HKLM-x32\...\BFG-Mystery Heritage - Zeichen des Geists) (Version:  - )
Mystery Legends - Sleepy Hollow (HKLM-x32\...\Mystery Legends - Sleepy Hollow) (Version: 1.00 - phenomedia publishing gmbh)
Mystery Legends: Beauty and the Beast (HKLM-x32\...\BFG-Mystery Legends - Beauty and the Beast) (Version:  - )
Mystery Masterpiece: Der Mondstein (HKLM-x32\...\BFG-Mystery Masterpiece - Der Mondstein) (Version:  - )
Mystery Murders: Jack the Ripper (HKLM-x32\...\BFG-Mystery Murders - Jack the Ripper) (Version:  - )
Nightfall Mysteries - Der Fluch der Oper (HKLM-x32\...\Nightfall Mysteries - Der Fluch der Oper) (Version: 1.00 - phenomedia publishing gmbh)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
The Mirror Mysteries (HKLM-x32\...\The Mirror Mysteries) (Version: 1.00 - phenomedia publishing gmbh)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {22E52F90-D64B-4B2F-A8E8-B1F81431B7CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01] (Google Inc.)
Task: {27D59721-0D2B-4AA9-BD76-8A9768FE3619} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3705449284-2357449535-4002406552-1000
Task: {44B09008-7D22-4631-A5DD-2639EC7F73E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01] (Google Inc.)
Task: {50D5F902-C38F-4A27-8E44-83CA128BF5BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {6F56DD7A-1E9A-4B4F-9816-D4C2E3D38625} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software)
Task: {FD1D89B7-BA36-4FF5-8CC7-8144F78D72ED} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 16:13 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-11 23:57 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-03-03 20:14 - 2014-03-02 19:47 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030201\algo.dll
2014-03-04 14:27 - 2014-03-04 12:11 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030400\algo.dll
2013-01-11 23:57 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-01-11 23:57 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2012-11-27 15:13 - 2012-11-27 15:13 - 00585728 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-01-11 23:57 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-10-16 16:58 - 2013-10-16 16:58 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-15 21:11 - 2014-02-15 21:11 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-20 22:00 - 2014-02-20 22:00 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 02:28:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 08:15:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 07:25:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 05:10:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 10:19:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 08:02:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2014 06:28:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2014 00:55:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 06:57:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 07:58:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/04/2014 02:28:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/04/2014 02:28:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/04/2014 02:26:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WatchGuard Access Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/04/2014 02:26:15 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\waclient.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/04/2014 02:26:09 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (03/03/2014 08:15:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/03/2014 08:15:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/03/2014 08:13:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WatchGuard Access Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/03/2014 08:13:55 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\waclient.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/03/2014 08:13:48 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (03/04/2014 02:28:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 08:15:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 07:25:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 05:10:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 10:19:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2014 08:02:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2014 06:28:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2014 00:55:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 06:57:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 07:58:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 8174.12 MB
Available physical RAM: 6494.96 MB
Total Pagefile: 8172.3 MB
Available Pagefile: 6384 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:80.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:464.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 69BC329E)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 76EE849D)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________
Best regards,

Kuhlambo12

Alt 05.03.2014, 12:25   #8
schrauber
/// the machine
/// TB instructor
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

05.03.2014, 17:19   #9
kuhlambo12
 
Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
User :: USER-PC [Administrator]

05.03.2014 16:39:28
mbam-log-2014-03-05 (16-39-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250283
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Desktop\installer_123_free_solitaire.exe (PUP.Adbundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner:

Code:
# AdwCleaner v3.020 - Bericht erstellt am 05/03/2014 um 16:47:28
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : D:\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\iWin
Ordner Gelöscht : C:\ProgramData\Alawar
Ordner Gelöscht : C:\ProgramData\Alawar Entertainment
Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\ProgramData\BigFishSavedGames
Ordner Gelöscht : C:\Users\User\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Alawar
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Alawar Entertainment
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Alawar Stargaze

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1307 octets] - [05/03/2014 16:46:01]
AdwCleaner[S0].txt - [1248 octets] - [05/03/2014 16:47:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1308 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 05.03.2014 at 16:52:00,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\sviiwldg.default\minidumps [150 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2014 at 17:01:00,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I'm supposed to ask two more things for my mother.

1. She gets a lot of spam mails, >20 a day; what can be done about it?

2. Her e-mail service's page loads only very slowly; I'm with the same provider and for me everything is really fast.

Thank you

The problems have not been fixed so far, though: Firefox still takes a very long time to start, and earlier the PC hung again for 2-3 minutes after the system restart that AdwCleaner required.
__________________
Best regards,

Kuhlambo12

06.03.2014, 14:00   #10
schrauber
/// the machine
/// TB trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
regards,
schrauber


06.03.2014, 17:36   #11
kuhlambo12
 
Here is the fresh FRST log first:

When I started it, the computer hung again.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by User (administrator) on USER-PC on 06-03-2014 15:48:25
Running from D:\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFHE.EXE
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-17] (AVAST Software)
HKU\S-1-5-21-3705449284-2357449535-4002406552-1000\...\Run: [EPSON BX310FN Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3705449284-2357449535-4002406552-1000\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3705449284-2357449535-4002406552-1000\...\MountPoints2: {7cec90e7-5c1f-11e2-adf7-c86000627a19} - F:\Startme.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE9F6AD30D82CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default
FF Homepage: hxxp://webmail.osnanet.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-24]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-08-24]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sviiwldg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-01]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S2 waclient; C:\Windows\SysWOW64\drivers\waclient.sys [31328 2012-09-11] (PortWise)
S3 AIDA64Driver; \??\F:\#Dauertest#\AIDA64 Home Edition v1.85.1600\kerneld.x64 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 16:51 - 2014-03-05 16:51 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 16:45 - 2014-03-05 16:47 - 00000000 ____D () C:\AdwCleaner
2014-03-05 16:38 - 2014-03-05 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-03-05 16:38 - 2014-03-05 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 16:38 - 2014-03-05 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 16:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Cleopatra
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Mystery of Cleopatra
2014-03-04 21:35 - 2014-03-04 21:36 - 00000000 ____D () C:\Program Files (x86)\Mystery of Mortlake Mansion
2014-03-04 21:35 - 2014-03-04 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Mortlake Mansion
2014-03-04 21:33 - 2014-03-04 21:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Ancients - Der Fluch des Schwarzen Wassers
2014-03-04 21:33 - 2014-03-04 21:33 - 00000000 ____D () C:\Program Files (x86)\Mystery of the Ancients - Der Fluch des Schwarzen Wassers
2014-03-04 21:28 - 2014-03-04 21:29 - 00000000 ____D () C:\Program Files (x86)\Mystery of the Ancients - Der Hexer von Lockwood
2014-03-04 21:28 - 2014-03-04 21:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Ancients - Der Hexer von Lockwood
2014-03-04 21:17 - 2014-03-04 21:18 - 00000000 ____D () C:\Program Files (x86)\Mystery of the Earl
2014-03-04 21:17 - 2014-03-04 21:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Earl
2014-03-04 21:15 - 2014-03-04 21:15 - 00000000 ____D () C:\Program Files (x86)\Mystery of Unicorn Castle
2014-03-04 21:14 - 2014-03-04 21:14 - 00000000 ____D () C:\Users\User\Freeze Tag
2014-03-04 21:14 - 2014-03-04 21:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - Stolen in San Francisco
2014-03-04 21:14 - 2014-03-04 21:14 - 00000000 ____D () C:\Program Files (x86)\Mystery P.I. - Stolen in San Francisco
2014-03-04 20:32 - 2014-03-04 20:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\PlayPond
2014-03-04 14:36 - 2014-03-06 15:48 - 00000000 ____D () C:\FRST
2014-03-03 22:02 - 2014-03-03 22:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lazy Turtle Games
2014-03-03 20:54 - 2014-03-03 20:54 - 00000000 ____D () C:\ProgramData\MysteryChronicles
2014-03-02 20:51 - 2014-03-02 20:52 - 00000000 ____D () C:\Program Files (x86)\Mystery Masterpiece - Der Mondstein
2014-03-02 20:51 - 2014-03-02 20:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Masterpiece - Der Mondstein
2014-03-02 20:35 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files (x86)\Mystery Murders - Jack the Ripper
2014-03-02 20:35 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Jack the Ripper
2014-02-28 21:19 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-28 21:19 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-28 21:19 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-28 21:19 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-28 21:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-28 21:18 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-28 21:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-28 20:22 - 2014-02-28 20:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA2
2014-02-27 22:55 - 2014-02-27 22:56 - 00000000 ____D () C:\Users\User\Elster
2014-02-27 22:44 - 2014-02-27 22:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\elsterformular
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\ProgramData\elsterformular
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-27 13:13 - 2014-02-27 13:47 - 00000445 _____ () C:\Users\User\AppData\Roaming\prefsdb.dat
2014-02-27 13:13 - 2014-02-27 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\perfect future studio
2014-02-27 12:58 - 2014-02-27 13:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\SAD-Kartendesigner
2014-02-27 12:58 - 2014-02-27 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S.A.D
2014-02-26 22:20 - 2014-02-26 23:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Gold Casual Games
2014-02-26 21:19 - 2014-02-26 21:19 - 00000000 ____D () C:\Users\User\Mushroom Age
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Color Brush
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\ProgramData\Color Brush
2014-02-26 01:07 - 2014-02-27 22:58 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 00:05 - 2014-02-26 00:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\HillStoneAnimationStudios
2014-02-25 22:54 - 2014-02-25 22:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Legacy Games
2014-02-23 23:04 - 2014-02-23 23:04 - 00000000 ____D () C:\Users\User\Million
2014-02-23 22:00 - 2014-02-23 22:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Jetdogs Studios
2014-02-23 00:02 - 2014-02-23 00:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\MemoryClinic
2014-02-22 20:53 - 2014-02-22 21:53 - 00000000 ____D () C:\ProgramData\SugarGames
2014-02-21 23:45 - 2014-02-21 23:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\MastersOfMystery2
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nemopolis
2014-02-20 22:57 - 2014-02-20 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Inertia Game Studios
2014-02-20 21:50 - 2014-02-20 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\margrave3_full
2014-02-19 23:30 - 2014-02-19 23:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\TheFixerUpper
2014-02-19 21:29 - 2014-02-19 21:29 - 00000000 ____D () C:\ProgramData\MarcoPolo
2014-02-19 21:01 - 2014-02-19 21:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\GameDevo
2014-02-18 22:06 - 2014-02-18 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic3
2014-02-18 21:09 - 2014-02-18 21:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy 2
2014-02-18 19:56 - 2014-02-18 19:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy
2014-02-17 20:29 - 2014-02-17 20:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\BrandX Games
2014-02-16 19:27 - 2014-02-16 21:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\MediaArt
2014-02-16 19:27 - 2014-02-16 21:28 - 00000000 ____D () C:\ProgramData\MediaArt
2014-02-15 21:11 - 2014-02-15 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 20:55 - 2014-02-27 19:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\VendelGAMES
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Namco
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\REXARD
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\ProgramData\REXARD
2014-02-13 23:38 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 23:38 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 23:38 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 23:38 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 23:38 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 23:38 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 23:38 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 23:38 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 23:38 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 23:38 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 23:38 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 23:38 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 23:38 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 23:38 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 23:38 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 23:38 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 23:38 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 23:38 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 23:38 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 23:38 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 23:38 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 23:38 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 23:38 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 23:38 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 23:38 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 23:38 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 23:38 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 23:38 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 23:38 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 23:38 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 23:38 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 23:38 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 23:38 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 23:38 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 23:38 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 23:38 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 23:38 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 23:38 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 23:38 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 23:38 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 23:38 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:17 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:17 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:16 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:16 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:16 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:16 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:16 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:16 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:16 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:16 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:16 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:16 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:16 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:16 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:16 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:16 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:16 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:16 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:16 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:16 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:16 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 20:15 - 2014-02-13 20:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lost in the City
2014-02-12 21:27 - 2014-02-12 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\blg
2014-02-12 21:27 - 2014-02-12 22:27 - 00000000 ____D () C:\ProgramData\blg
2014-02-11 21:11 - 2014-02-11 22:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\4 Friends Games
2014-02-10 19:59 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Chayowo Games
2014-02-09 19:13 - 2014-02-09 19:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\YoudaGames
2014-02-07 22:49 - 2014-02-07 22:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\MoonriseInteractive
2014-02-07 19:43 - 2014-02-07 19:43 - 00000000 ____D () C:\ProgramData\Astar Games
2014-02-06 20:57 - 2014-02-06 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\CattaleGames
2014-02-04 21:23 - 2014-02-04 21:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kingdom of Seven Seals
2014-02-04 20:23 - 2014-02-04 20:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\KingArthur

==================== One Month Modified Files and Folders =======

2014-03-06 15:48 - 2014-03-04 14:36 - 00000000 ____D () C:\FRST
2014-03-06 15:46 - 2013-04-29 16:16 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 15:46 - 2012-09-01 12:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-06 15:46 - 2012-08-24 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-06 15:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 15:46 - 2009-07-14 05:51 - 00081699 _____ () C:\Windows\setupact.log
2014-03-05 17:14 - 2012-08-24 16:02 - 01438471 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 17:14 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 17:14 - 2009-07-14 05:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 17:00 - 2012-08-24 17:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 16:55 - 2012-10-29 20:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 16:55 - 2010-11-21 07:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-05 16:55 - 2010-11-21 07:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-05 16:54 - 2013-04-29 16:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 16:51 - 2014-03-05 16:51 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 16:48 - 2010-11-21 04:47 - 00339712 _____ () C:\Windows\PFRO.log
2014-03-05 16:47 - 2014-03-05 16:45 - 00000000 ____D () C:\AdwCleaner
2014-03-05 16:38 - 2014-03-05 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-03-05 16:38 - 2014-03-05 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 16:38 - 2014-03-05 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Cleopatra
2014-03-04 21:56 - 2014-03-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Mystery of Cleopatra
2014-03-04 21:36 - 2014-03-04 21:35 - 00000000 ____D () C:\Program Files (x86)\Mystery of Mortlake Mansion
2014-03-04 21:35 - 2014-03-04 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Mortlake Mansion
2014-03-04 21:33 - 2014-03-04 21:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Ancients - Der Fluch des Schwarzen Wassers
2014-03-04 21:33 - 2014-03-04 21:33 - 00000000 ____D () C:\Program Files (x86)\Mystery of the Ancients - Der Fluch des Schwarzen Wassers
2014-03-04 21:29 - 2014-03-04 21:28 - 00000000 ____D () C:\Program Files (x86)\Mystery of the Ancients - Der Hexer von Lockwood
2014-03-04 21:28 - 2014-03-04 21:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Ancients - Der Hexer von Lockwood
2014-03-04 21:18 - 2014-03-04 21:17 - 00000000 ____D () C:\Program Files (x86)\Mystery of the Earl
2014-03-04 21:17 - 2014-03-04 21:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Earl
2014-03-04 21:15 - 2014-03-04 21:15 - 00000000 ____D () C:\Program Files (x86)\Mystery of Unicorn Castle
2014-03-04 21:14 - 2014-03-04 21:14 - 00000000 ____D () C:\Users\User\Freeze Tag
2014-03-04 21:14 - 2014-03-04 21:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - Stolen in San Francisco
2014-03-04 21:14 - 2014-03-04 21:14 - 00000000 ____D () C:\Program Files (x86)\Mystery P.I. - Stolen in San Francisco
2014-03-04 20:32 - 2014-03-04 20:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\PlayPond
2014-03-04 19:44 - 2013-08-21 20:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\URSE Games
2014-03-03 22:02 - 2014-03-03 22:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lazy Turtle Games
2014-03-03 20:54 - 2014-03-03 20:54 - 00000000 ____D () C:\ProgramData\MysteryChronicles
2014-03-02 21:58 - 2012-09-23 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Elephant Games
2014-03-02 20:52 - 2014-03-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Mystery Masterpiece - Der Mondstein
2014-03-02 20:51 - 2014-03-02 20:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Masterpiece - Der Mondstein
2014-03-02 20:36 - 2014-03-02 20:35 - 00000000 ____D () C:\Program Files (x86)\Mystery Murders - Jack the Ripper
2014-03-02 20:35 - 2014-03-02 20:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Murders - Jack the Ripper
2014-02-28 23:25 - 2012-09-01 22:25 - 00000250 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-02-28 20:22 - 2014-02-28 20:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA2
2014-02-27 22:58 - 2014-02-26 01:07 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 22:56 - 2014-02-27 22:55 - 00000000 ____D () C:\Users\User\Elster
2014-02-27 22:44 - 2014-02-27 22:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\elsterformular
2014-02-27 20:38 - 2014-02-27 20:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\MA
2014-02-27 19:34 - 2014-02-15 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\VendelGAMES
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\ProgramData\elsterformular
2014-02-27 18:46 - 2014-02-27 18:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-02-27 13:47 - 2014-02-27 13:13 - 00000445 _____ () C:\Users\User\AppData\Roaming\prefsdb.dat
2014-02-27 13:13 - 2014-02-27 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\perfect future studio
2014-02-27 13:11 - 2014-02-27 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\SAD-Kartendesigner
2014-02-27 12:58 - 2014-02-27 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S.A.D
2014-02-27 12:58 - 2013-12-13 20:54 - 00000000 ____D () C:\Program Files (x86)\S.A.D
2014-02-26 23:20 - 2014-02-26 22:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Gold Casual Games
2014-02-26 22:49 - 2013-09-02 20:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-02-26 22:49 - 2013-09-02 20:03 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-02-26 22:49 - 2013-09-02 20:03 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-02-26 22:49 - 2013-09-02 20:03 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-02-26 21:19 - 2014-02-26 21:19 - 00000000 ____D () C:\Users\User\Mushroom Age
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Color Brush
2014-02-26 20:21 - 2014-02-26 20:21 - 00000000 ____D () C:\ProgramData\Color Brush
2014-02-26 19:05 - 2013-10-30 21:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\AlawarEntertainment
2014-02-26 00:05 - 2014-02-26 00:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\HillStoneAnimationStudios
2014-02-25 22:54 - 2014-02-25 22:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Legacy Games
2014-02-25 21:50 - 2013-10-14 20:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\LegacyInteractive
2014-02-23 23:04 - 2014-02-23 23:04 - 00000000 ____D () C:\Users\User\Million
2014-02-23 22:00 - 2014-02-23 22:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Jetdogs Studios
2014-02-23 21:00 - 2014-01-02 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Gogii
2014-02-23 20:45 - 2013-09-29 19:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\MumboJumbo
2014-02-23 19:39 - 2013-08-22 19:38 - 00000000 ____D () C:\ProgramData\MumboJumbo
2014-02-23 00:02 - 2014-02-23 00:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\MemoryClinic
2014-02-22 23:00 - 2013-09-24 20:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\EleFun Games
2014-02-22 21:53 - 2014-02-22 20:53 - 00000000 ____D () C:\ProgramData\SugarGames
2014-02-21 23:46 - 2014-02-21 23:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\MastersOfMystery2
2014-02-21 21:55 - 2013-09-16 20:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Merscom
2014-02-21 21:55 - 2013-09-16 20:18 - 00000000 ____D () C:\ProgramData\Merscom
2014-02-21 20:47 - 2014-02-21 20:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nemopolis
2014-02-20 22:57 - 2014-02-20 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Inertia Game Studios
2014-02-20 22:01 - 2012-08-24 17:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 22:00 - 2012-08-24 17:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:00 - 2012-08-24 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 21:50 - 2014-02-20 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\margrave3_full
2014-02-20 20:49 - 2013-08-23 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\ERS Game Studios
2014-02-19 23:30 - 2014-02-19 23:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\TheFixerUpper
2014-02-19 21:29 - 2014-02-19 21:29 - 00000000 ____D () C:\ProgramData\MarcoPolo
2014-02-19 21:01 - 2014-02-19 21:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\GameDevo
2014-02-19 19:49 - 2013-04-29 16:16 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 19:49 - 2013-04-29 16:16 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 23:53 - 2013-09-29 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Meridian93
2014-02-18 22:53 - 2013-09-07 21:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\V-Games
2014-02-18 22:06 - 2014-02-18 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic3
2014-02-18 21:09 - 2014-02-18 21:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy 2
2014-02-18 19:56 - 2014-02-18 19:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Magic Academy
2014-02-17 23:05 - 2013-09-09 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\DikobrazGames
2014-02-17 20:29 - 2014-02-17 20:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\BrandX Games
2014-02-17 19:54 - 2013-10-22 20:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Blue Tea Games
2014-02-17 11:42 - 2014-01-14 18:01 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-17 11:42 - 2012-09-01 12:34 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-17 11:42 - 2012-09-01 12:34 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-02-17 11:42 - 2012-09-01 12:34 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-17 11:42 - 2012-09-01 12:34 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-17 11:42 - 2012-09-01 12:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-17 11:41 - 2012-08-24 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 21:28 - 2014-02-16 19:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\MediaArt
2014-02-16 21:28 - 2014-02-16 19:27 - 00000000 ____D () C:\ProgramData\MediaArt
2014-02-15 23:58 - 2013-08-13 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 23:57 - 2012-08-24 17:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 21:12 - 2014-02-15 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Namco
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\REXARD
2014-02-14 21:35 - 2014-02-14 21:35 - 00000000 ____D () C:\ProgramData\REXARD
2014-02-14 21:00 - 2013-10-19 21:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Fenomen Games
2014-02-13 23:48 - 2012-08-24 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 23:26 - 2013-09-08 22:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\GameMill Entertainment
2014-02-13 20:26 - 2014-02-13 20:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lost in the City
2014-02-12 22:27 - 2014-02-12 21:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\blg
2014-02-12 22:27 - 2014-02-12 21:27 - 00000000 ____D () C:\ProgramData\blg
2014-02-12 20:27 - 2013-11-02 21:36 - 00000000 ____D () C:\ProgramData\Intenium
2014-02-12 20:07 - 2013-10-20 18:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Vast Studios
2014-02-12 19:55 - 2013-01-11 23:57 - 00293814 _____ () C:\Windows\DPINST.LOG
2014-02-11 22:38 - 2014-02-11 21:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\4 Friends Games
2014-02-10 22:01 - 2013-08-24 21:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Awem
2014-02-10 19:59 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Chayowo Games
2014-02-09 21:27 - 2013-10-29 22:07 - 00000000 ____D () C:\Users\User\AppData\Roaming\DominiGames
2014-02-09 19:13 - 2014-02-09 19:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\YoudaGames
2014-02-07 22:49 - 2014-02-07 22:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\MoonriseInteractive
2014-02-07 21:48 - 2014-02-03 23:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mariaglorum
2014-02-07 19:43 - 2014-02-07 19:43 - 00000000 ____D () C:\ProgramData\Astar Games
2014-02-06 20:57 - 2014-02-06 20:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\CattaleGames
2014-02-06 19:57 - 2013-08-24 19:40 - 00000000 ____D () C:\ProgramData\Fenomen Games
2014-02-06 13:16 - 2014-02-13 23:38 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 23:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 23:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 23:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 23:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 23:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 23:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 23:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 23:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 23:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 23:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 23:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 23:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 23:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 23:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 23:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 23:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 23:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 23:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 23:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 23:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 23:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 23:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 23:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 23:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 23:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 23:38 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 23:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 23:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 23:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 23:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 23:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 23:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 23:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 21:24 - 2014-02-04 21:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kingdom of Seven Seals
2014-02-04 20:23 - 2014-02-04 20:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\KingArthur

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-08-24 18:58

==================== End Of Log ============================
         
Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by User at 2014-03-06 15:50:08
Running from D:\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

123 Free Solitaire 2009 v7.2 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames.com)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Coffee Rush (HKLM-x32\...\BFG-Coffee Rush) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Druckerdeinstallation für EPSON BX310FN Series (HKLM\...\EPSON BX310FN Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version:  - )
Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus Office BX310FN_TX510FN Handbuch (HKLM-x32\...\Epson Stylus Office BX310FN_TX510FN Benutzerhandbuch) (Version:  - )
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1b - SEIKO EPSON CORPORATION)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Kartendesigner 5 Gruß und Einladung v5.0 (HKLM-x32\...\Kartendesigner 5 Gruß und Einladung) (Version: 5.0 - S.A.D.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mystery Legends - Sleepy Hollow (HKLM-x32\...\Mystery Legends - Sleepy Hollow) (Version: 1.00 - phenomedia publishing gmbh)
Mystery Masterpiece: Der Mondstein (HKLM-x32\...\BFG-Mystery Masterpiece - Der Mondstein) (Version:  - )
Mystery Murders: Jack the Ripper (HKLM-x32\...\BFG-Mystery Murders - Jack the Ripper) (Version:  - )
Mystery of Cleopatra (HKLM-x32\...\BFG-Mystery of Cleopatra) (Version:  - )
Mystery of Mortlake Mansion (HKLM-x32\...\BFG-Mystery of Mortlake Mansion) (Version:  - )
Mystery of the Ancients: Der Fluch des Schwarzen Wassers (HKLM-x32\...\BFG-Mystery of the Ancients - Der Fluch des Schwarzen Wassers) (Version:  - )
Mystery of the Ancients: Der Hexer von Lockwood (HKLM-x32\...\BFG-Mystery of the Ancients - Der Hexer von Lockwood) (Version:  - )
Mystery of the Earl (HKLM-x32\...\BFG-Mystery of the Earl) (Version:  - )
Mystery of Unicorn Castle (HKLM-x32\...\BFG-Mystery of Unicorn Castle) (Version:  - )
Mystery P.I.™ : Stolen in San Francisco (HKLM-x32\...\BFG-Mystery P.I. - Stolen in San Francisco) (Version:  - )
Nightfall Mysteries - Der Fluch der Oper (HKLM-x32\...\Nightfall Mysteries - Der Fluch der Oper) (Version: 1.00 - phenomedia publishing gmbh)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
The Mirror Mysteries (HKLM-x32\...\The Mirror Mysteries) (Version: 1.00 - phenomedia publishing gmbh)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {22E52F90-D64B-4B2F-A8E8-B1F81431B7CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01] (Google Inc.)
Task: {27D59721-0D2B-4AA9-BD76-8A9768FE3619} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3705449284-2357449535-4002406552-1000
Task: {44B09008-7D22-4631-A5DD-2639EC7F73E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01] (Google Inc.)
Task: {50D5F902-C38F-4A27-8E44-83CA128BF5BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {6F56DD7A-1E9A-4B4F-9816-D4C2E3D38625} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software)
Task: {FD1D89B7-BA36-4FF5-8CC7-8144F78D72ED} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 16:13 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-11 23:57 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-03-05 16:33 - 2014-03-04 20:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2014-03-06 15:46 - 2014-03-06 09:00 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14030600\algo.dll
2013-01-11 23:57 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-01-11 23:57 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2012-11-27 15:13 - 2012-11-27 15:13 - 00585728 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-01-11 23:57 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-10-16 16:58 - 2013-10-16 16:58 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-15 21:11 - 2014-02-15 21:11 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2014 03:48:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 05:12:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/06/2014 03:49:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/06/2014 03:49:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/06/2014 03:46:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WatchGuard Access Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/06/2014 03:46:23 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\waclient.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/06/2014 03:46:17 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (03/05/2014 05:12:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/05/2014 05:12:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/05/2014 05:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WatchGuard Access Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (03/05/2014 05:10:19 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\waclient.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/05/2014 05:10:12 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (03/06/2014 03:48:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 05:12:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 8174.12 MB
Available physical RAM: 6590.29 MB
Total Pagefile: 8172.3 MB
Available Pagefile: 6480.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:82.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:464.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 69BC329E)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 76EE849D)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=77fc9c6006cfff4eb5d06efc7945290b
# engine=17340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-06 04:15:42
# local_time=2014-03-06 05:15:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1492342 1492403 0 0
# compatibility_mode=5893 16776573 100 94 90359 145752392 0 0
# scanned=147325
# found=0
# cleaned=0
# scan_time=4716
         


and the SecurityCheck:

Code:
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
As I said, the problems are still there. The PC freezes, the browser runs very sluggishly, and Firefox also starts only very, very slowly.
__________________
Best regards,

Kuhlambo12

07.03.2014, 14:25   #12
schrauber
/// the machine
/// TB-Ausbilder

Uninstall Avast and then test the computer again.
__________________
Regards,
schrauber


08.03.2014, 16:59   #13
kuhlambo12

I uninstalled avast!, but it didn't really help.
__________________
Best regards,

Kuhlambo12

09.03.2014, 08:53   #14
schrauber
/// the machine
/// TB-Ausbilder

OK, then please perform a clean boot now:
How to perform a clean boot in Windows

Better?
__________________
Regards,
schrauber


22.03.2014, 23:53   #15
kuhlambo12

Sorry, I had completely forgotten to do that.

Yeah, I've now performed the clean boot. Not much has changed, though.
At first I thought the PC was faster and things would run better, but then the machine froze again and the browser is still just as slow.
__________________
Best regards,

Kuhlambo12
