Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.05.2014, 22:57   #1
Pandorae
 
Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Hallo,
Ich habe mit Norton Internet Security einen vollständigen Systemscan durchgeführt. Bei diesem Scan wurde "Trojan.ADH.2" gefunden und konnte nicht entfernt werden bzw. sollte er manuell entfernt werden. Dazu ging ich auf die Norton Seite von diesem Virus (Trojan.ADH.2 | Symantec) und um diesen Schädling zu entfernen sollte man nur den "Norton Power Eraser" downloaden und ausführen. Dies habe ich gemacht, jedoch fand der keine Risiken. Wenn ich aber den Systemscan starte, besteht das Problem weiterhin.

Hier die gewünschten Logs:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:25 on 21/05/2014 (Schach)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Schach (administrator) on SOKRATES on 21-05-2014 22:26:59
Running from C:\Users\rahel_000\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-10] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\MountPoints2: {a8772377-8618-11e3-824f-806e6f6e6963} - "D:\SETUP.EXE" 
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-18] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-05-18] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=a&ver=12692&tm=315&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=a&ver=12692&tm=315&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p={searchTerms}
SearchScopes: HKCU - {CECE89A5-3192-4691-BDE0-BBAD40157163} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=476&aid=146&itype=n&ver=12302&tm=315&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Linkey for Firefox - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\extension@linkeyproject.com [2014-04-12]
FF Extension: Popular Website Buddy - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-30]
FF Extension: Settings Manager - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757} [2014-04-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-16] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3543056 2014-05-18] (Aztec Media Inc)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-29] (Symantec Corporation)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
R4 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140520.001\IDSvia64.sys [525016 2014-03-28] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\ENG64.SYS [126040 2014-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\EX64.SYS [2099288 2014-03-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-05-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ugdyypob; \??\C:\Users\RAHEL_~1\AppData\Local\Temp\ugdyypob.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 22:26 - 2014-05-21 22:26 - 00027907 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Downloads\defogger_disable.log
2014-05-21 22:14 - 2014-05-21 22:14 - 00009214 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:03 - 2014-05-21 22:26 - 00000000 ____D () C:\FRST
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:18 - 2014-05-21 21:18 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-05-21 21:18 - 2014-05-21 21:18 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-05-21 21:17 - 2014-05-21 22:15 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:04 - 2014-05-21 22:22 - 00000000 ____D () C:\ProgramData\systemk
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-15 19:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 19:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 19:43 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 19:43 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 19:43 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 19:43 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:43 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 18:38 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 18:38 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 18:38 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 18:38 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 18:38 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 18:38 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 18:38 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 18:38 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 18:38 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 18:38 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 18:38 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 18:37 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:37 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:37 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:37 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 16:24 - 2014-05-10 18:48 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 18:58 - 2014-05-14 20:15 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:06 - 2013-12-17 09:36 - 29339936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 22104352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15930288 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15699056 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 13656024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 12947384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 11311392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 01:06 - 2013-12-17 09:36 - 09281544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07721112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07598080 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 06330064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02971424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02789664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02367776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02007840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:36 - 2014-04-25 17:37 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-25 17:35 - 2014-04-25 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:35 - 2014-04-25 17:44 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-24 13:04 - 2014-04-24 13:51 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:41 - 2014-04-28 01:37 - 00000000 ____D () C:\Update
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 11:51 - 2014-04-22 12:21 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

2014-05-21 22:27 - 2014-05-21 22:26 - 00027907 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:26 - 2014-05-21 22:03 - 00000000 ____D () C:\FRST
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Downloads\defogger_disable.log
2014-05-21 22:22 - 2014-05-21 19:04 - 00000000 ____D () C:\ProgramData\systemk
2014-05-21 22:22 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\ClassicShell
2014-05-21 22:22 - 2014-03-30 01:44 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\ClassicShell
2014-05-21 22:22 - 2014-03-29 22:01 - 00000000 ___RD () C:\Users\rahel_000\SkyDrive
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 22:15 - 2014-05-21 21:17 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 22:15 - 2014-03-30 01:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 22:14 - 2014-05-21 22:14 - 00009214 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:13 - 2014-03-30 00:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EB015A1-94C7-4988-A780-46552CF01F96}
2014-05-21 22:10 - 2014-03-30 01:50 - 00154112 ___SH () C:\Users\Fuchs\Downloads\Thumbs.db
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 22:00 - 2014-03-29 21:55 - 00000000 ____D () C:\Users\rahel_000
2014-05-21 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:46 - 2014-01-26 01:52 - 01774435 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 21:18 - 2014-05-21 21:18 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-05-21 21:18 - 2014-05-21 21:18 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-05-21 21:18 - 2014-03-29 23:16 - 00000000 ____D () C:\ProgramData\Norton
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:07 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Adobe
2014-05-21 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-21 19:04 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs
2014-05-21 19:04 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 21:12 - 2014-03-29 23:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-17 00:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-16 23:32 - 2013-08-22 16:46 - 00019789 _____ () C:\Windows\setupact.log
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:19 - 2014-01-26 02:25 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 21:18 - 2014-01-26 02:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-16 01:01 - 2014-03-30 00:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 19:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-14 23:15 - 2014-03-30 01:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1005
2014-05-14 22:24 - 2014-03-30 03:04 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Apple Computer
2014-05-14 20:15 - 2014-04-28 18:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:15 - 2014-03-30 01:25 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 00:57 - 2014-03-30 10:28 - 00000000 ____D () C:\Users\Fuchs\Documents\Französisch
2014-05-11 19:54 - 2014-05-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 14:39 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Packages
2014-05-10 18:48 - 2014-05-10 16:24 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-10 16:07 - 2014-03-30 10:38 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Origin
2014-05-10 16:07 - 2014-03-30 10:37 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Origin
2014-05-07 21:41 - 2014-03-30 01:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-07 00:12 - 2014-04-10 21:11 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-06 18:22 - 2014-03-30 13:46 - 00080997 _____ () C:\Windows\DirectX.log
2014-05-06 18:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 18:37 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 18:37 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 18:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:49 - 2013-09-13 23:00 - 00005070 _____ () C:\Windows\PFRO.log
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 16:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:37 - 2014-04-23 17:41 - 00000000 ____D () C:\Update
2014-04-28 01:37 - 2014-01-26 02:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-04-28 01:34 - 2014-03-29 22:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1002
2014-04-28 01:28 - 2014-01-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-04-28 01:18 - 2014-01-26 01:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:08 - 2014-04-02 17:52 - 774908773 _____ () C:\Windows\MEMORY.DMP
2014-04-28 01:08 - 2014-04-02 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\system32\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-28 01:03 - 2014-01-26 01:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-28 01:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 01:02 - 2014-01-26 09:30 - 00000000 ____D () C:\Program Files\Sony
2014-04-28 01:01 - 2014-01-26 02:35 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-27 00:47 - 2014-03-30 01:52 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Skype
2014-04-25 17:52 - 2014-04-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:44 - 2014-04-25 17:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:37 - 2014-04-25 17:36 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-24 13:51 - 2014-04-24 13:04 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 13:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-04-22 12:21 - 2014-04-22 11:51 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft
2014-04-21 16:08 - 2014-01-26 09:20 - 00801394 _____ () C:\Windows\system32\perfh00C.dat
2014-04-21 16:08 - 2014-01-26 09:20 - 00158846 _____ () C:\Windows\system32\perfc00C.dat
2014-04-21 16:08 - 2014-01-26 09:10 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-04-21 16:08 - 2014-01-26 09:10 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-04-21 16:08 - 2013-09-13 23:06 - 02737336 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Fuchs\AppData\Local\Temp\COMAP.EXE
C:\Users\Fuchs\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\rahel_000\AppData\Local\Temp\ClassicShellSetup_4_0_4.exe
C:\Users\rahel_000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\rahel_000\AppData\Local\Temp\readSTILog.dll
C:\Users\rahel_000\AppData\Local\Temp\sdanircmdc.exe
C:\Users\rahel_000\AppData\Local\Temp\sdapskill.exe
C:\Users\rahel_000\AppData\Local\Temp\sdaspwn.exe
C:\Users\rahel_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfareca00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 19:34

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Schach at 2014-05-21 22:35:30
Running from C:\Users\rahel_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3202 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5804.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.5804.52 - CyberLink Corp.) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP LaserJet 200 color MFP M276 Fax (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LaserJet 200 color MFP M276 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LJ200 M276 HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Linkey (HKCU\...\Linkey) (Version: 0.0.0.431 - Aztec Media Inc) <==== ATTENTION
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-2e58f89b-4447-4111-94b2-a2343153024d) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-3a56167a-3ca4-4f13-bae3-02685a1f8720) (Version:  - Epic Games, Inc.)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Control Panel 327.39 (Version: 327.39 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.39 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.9.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PlayMemories Home (HKLM-x32\...\{4C93E894-BE17-463B-A789-4CAB706987A0}) (Version: 8.0.21.11211 - Sony Corporation)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
RonyaSoft CD DVD Label Maker 1.03 (HKLM-x32\...\RonyaSoft CD DVD Label Maker) (Version: 1.03 - RonyaSoft)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12302 - Aztec Media Inc) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SOHLib for PlayMemories Home (Version: 1.0.1.11110 - Sony Corporation) Hidden
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version:  - Stridemann)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.0.05310 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.1.0.09260 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.0.09260 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{31A52292-831E-45E0-8333-7D35BCD130B8}) (Version: 1.0.3.09050 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.4.1.13060 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.12.0.07300 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.5.0.09250 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.5.0.09250 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 3.0.0.08080 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.2.0.10110 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.00.10240 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.3.00.10240 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{E54A5A2B-E06C-41A6-A0DE-04C5AA4B415C}) (Version: 1.0.1.10240 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VI3.0x64 (Version: 1.0.0 - Sony Corporation) Hidden
VI3.0x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.25 - WildTangent) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Restore Points  =========================

06-05-2014 16:10:56 Windows Update
15-05-2014 17:47:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {06908362-4A01-4958-8851-56051A9C2B59} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-07-05] (Sony Corporation)
Task: {0901A7F4-2A16-440F-8478-3218F2084F23} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-11-07] (Sony Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FDDA7B6-6900-46B3-AB9C-A8F0F888E3F3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {12DD77AE-FC3A-43BD-8DA8-673CAC56A9A1} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {13000560-C7AA-4B47-BCEA-153837CC0F55} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {1A603CD3-6EFA-44EF-A69F-A1CB6D7E14BF} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {1AD691B7-46F8-4EAD-B58E-C0F307BDAB6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {1EF351E3-2B87-4613-8B5C-BC4316B41633} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {25310D83-8472-41A1-AE47-D83A8A882EB0} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation)
Task: {288D6658-EB27-4929-8190-9E9CEA7E2C4A} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserDisconected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31DD3361-4A8D-4B9A-BDC3-6C0357E464F0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {388C3D2E-EF07-4336-9E80-8653BC3D41FA} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C0FF926-EEA0-43CC-BEE8-048804B0FD54} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe
Task: {40E7E6CE-91EE-4CF9-B5DF-9258380B3733} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49B12BFC-6BDA-420A-B251-833E5BEBF9D7} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation)
Task: {4BE49BA9-F7A7-45B6-901F-B54E158ECCEF} - System32\Tasks\AdobeAAMUpdater-1.0-Sokrates-Fuchs => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {4C9F7F2A-9C43-4670-80A0-492DA202C881} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-16] (Microsoft Corporation)
Task: {5A2869E0-ABA5-466E-899B-A960F1F29EFB} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {5D6FD31A-80B1-48CE-846C-82A9C30B5FD1} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {603F2271-9EF0-4668-9D6F-3F2F1BA797C2} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation)
Task: {60F3F8B2-35D9-4D44-818C-6CDEB05F9F72} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-08-14] (Sony Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EFAD63B-E31B-44E7-9498-A61F8D9003B6} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {777AC6D0-6983-48CE-BB67-94BFA0C2CFE6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {81B83905-DC1C-45D1-885B-A078F333F6AE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {880E78D2-8886-4DAE-99CF-2C982883F67C} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {899368AE-1C11-4643-A078-A08D9A9DDD06} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8A973F96-158B-4869-AB57-0E0C08FC992C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8B4164FA-C9FD-44F1-8288-B741BC6AA5F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99C6BDFE-FDE7-4823-B5AD-9E690FA57473} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {9FE0334F-FBEB-4E1D-AB11-1566ABE560B4} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-01] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A5713AAF-6C8A-4857-A994-C5730BA20BF2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {A962FC3B-89BE-4948-A585-F117400D31E9} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-06-01] (Sony Corporation)
Task: {B249FBFC-4FE4-4B46-A2EF-EADA65351BED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-28] (Synaptics Incorporated)
Task: {BC70C071-B74F-44A6-9D4B-8FE6AB2AF252} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BE0026D1-5328-4F7A-BAB9-F22BF2924CBD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1446757697-2309439942-254719417-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {BF1075D7-0809-431D-B11C-1D3FE220C521} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {C0870AB0-5712-466D-B986-EAE1AC75F00D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C3A70705-8E32-42DB-9D2C-34028A9647C1} - System32\Tasks\PDVDServ Task => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.EXE [2013-03-19] (CyberLink Corp.)
Task: {C6080CE6-568C-4120-8330-F56CE77489D5} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {CF1ACA55-470E-4207-825E-EC8A641D1D00} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD751CA9-C14A-43A7-88CF-ADC0B9DD78CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {E040298F-5BBB-4147-B393-95C08C199D46} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E07CF3FF-E164-44BD-9FC9-562AC23D3D0E} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserConected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {E0EC6C88-7C01-4807-8ADA-B24833BC52A5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E8237AFB-EB50-4833-BB26-55E9474E212C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E8757698-C215-4C22-A830-0B93E1EF55DA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1446757697-2309439942-254719417-1005
Task: {F271E6D3-247A-4A25-843C-F75067AE0728} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {FEA7F518-59A3-47C3-925B-9A06503C8DEC} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-12 19:34 - 2014-05-18 11:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2013-09-25 16:20 - 2013-09-25 16:20 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-03-30 00:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-30 00:28 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-01-26 01:52 - 2013-12-17 09:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-30 13:46 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-12 19:34 - 2014-05-18 11:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-04-12 19:34 - 2014-05-18 11:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-01-26 01:47 - 2013-09-18 04:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-08-30 13:39 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\rahel_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: NXP NearFieldProximity Provider
Description: NXP NearFieldProximity Provider
Class Guid: {5630831c-06c9-4856-b327-f5d32586e060}
Manufacturer: NXP Semiconductors(Proximity)
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2014 07:54:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2ec

Startzeit: 01cf751cf2501cec

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: e622eff0-e110-11e3-8288-342387967e48

Vollständiger Name des fehlerhaften Pakets: BD9B8345.VAIOMessageCenter_2.1.1.2210_x64__05bme2bjq6sag

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SonyCorporation.VAIOMessageCenter

Error: (05/19/2014 06:52:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f18

Startzeit: 01cf72ddc6337fdd

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: f48b0d71-df75-11e3-8287-342387967e48

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/18/2014 09:39:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/18/2014 02:54:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/16/2014 00:39:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/16/2014 00:09:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 11:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 10:54:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 10:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 10:24:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.TVSideView_05bme2bjq6sag!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (05/21/2014 10:28:13 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {9F070738-F6EA-408A-A6BD-AED405E67A13}

Error: (05/21/2014 10:28:08 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/21/2014 10:23:27 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/21/2014 07:35:34 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/21/2014 07:35:04 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/21/2014 07:06:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (05/21/2014 07:05:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "F06DEFF2-5B9C-490D-910F-35D3A9119622" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/21/2014 07:05:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Systemk Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/21/2014 07:04:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎05.‎2014 um 05:53:31 unerwartet heruntergefahren.

Error: (05/19/2014 10:35:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.


Microsoft Office Sessions:
=========================
Error: (05/21/2014 07:54:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170312ec01cf751cf2501cec4294967295C:\Windows\system32\wwahost.exee622eff0-e110-11e3-8288-342387967e48BD9B8345.VAIOMessageCenter_2.1.1.2210_x64__05bme2bjq6sagSonyCorporation.VAIOMessageCenter

Error: (05/19/2014 06:52:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.52391f1801cf72ddc6337fdd15C:\Program Files (x86)\Mozilla Firefox\firefox.exef48b0d71-df75-11e3-8287-342387967e48

Error: (05/18/2014 09:39:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/18/2014 02:54:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/16/2014 00:39:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/16/2014 00:09:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 11:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 10:54:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 10:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 10:24:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.TVSideView_05bme2bjq6sag!App-2144927141


CodeIntegrity Errors:
===================================
  Date: 2014-05-21 22:34:28.455
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-21 19:03:59.760
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-21 19:03:59.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-18 02:43:18.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-18 02:43:18.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 23:17:12.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 23:17:12.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 16:44:11.686
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 16:44:11.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-14 22:46:16.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8087.8 MB
Available physical RAM: 5273.04 MB
Total Pagefile: 16279.8 MB
Available Pagefile: 13745.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:902.76 GB) (Free:544.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E2384E5C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-21 22:31:22
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002b WDC_WD10JPVX-55JC3T3 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\RAHEL_~1\AppData\Local\Temp\ugdyypob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                      00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                      00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                         00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                         00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\svchost.exe[1140] c:\windows\system32\WSOCK32.dll!setsockopt + 194                                            00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\System32\svchost.exe[1140] c:\windows\system32\WSOCK32.dll!setsockopt + 218                                            00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\System32\svchost.exe[2140] c:\windows\system32\WSOCK32.dll!setsockopt + 194                                            00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\System32\svchost.exe[2140] c:\windows\system32\WSOCK32.dll!setsockopt + 218                                            00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                        00007ff8be3728c0 7 bytes JMP 00007ff9bdd302d0
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                               00007ff8be3743d8 7 bytes JMP 00007ff9bdd30308
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                 00007ff8be421f20 7 bytes JMP 00007ff9bdd30378
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                 00007ff8be4240b4 7 bytes JMP 00007ff9bdd303b0
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                00007ff8be424510 7 bytes JMP 00007ff9bdd30340
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                        00007ff8be424af0 7 bytes JMP 00007ff9bdd30260
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                        00007ff8be44cea0 7 bytes JMP 00007ff9bdd30228
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                          00007ff8be44cf10 7 bytes JMP 00007ff9bdd30298
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                             00007ff8bdd42300 7 bytes JMP 00007ff9bdd300d8
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                  00007ff8bdd45770 5 bytes JMP 00007ff9bdd30180
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                               00007ff8bdd45860 5 bytes JMP 00007ff9bdd30148
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                           00007ff8bdd45a30 5 bytes JMP 00007ff9bdd30110
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!CreateWindowExW                                                  00007ff8be53b6f4 10 bytes JMP 00007ff9bdd30490
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                              00007ff8be5445d8 5 bytes JMP 00007ff9bdd30458
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                       00007ff8be544750 9 bytes JMP 00007ff9bdd303e8
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                              00007ff8be554fc0 5 bytes JMP 00007ff9bdd30420
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                          00007ff8be181500 8 bytes JMP 00007ff9bdd301b8
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                            00007ff8be181750 8 bytes JMP 00007ff9bdd301f0
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                 00007ff8bb887c28 5 bytes JMP 00007ff9bb6b0110
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                  00007ff8bb894b84 5 bytes JMP 00007ff9bb6b00d8
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                       00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                       00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                          00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                          00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                 00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                 00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506               00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514               00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                  00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                  00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194                     00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218                     00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]
.text   c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4048] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194              00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4048] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218              00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SYSTEM32\ntdll.dll [1844:1848]                                                                                         0000000000f9975e
Thread  C:\Windows\system32\csrss.exe [6648:7340]                                                                                         fffff96000983b90
Thread  C:\Windows\SYSTEM32\ntdll.dll [4820:3552]                                                                                         00000000011aa794
Thread  C:\Windows\SYSTEM32\ntdll.dll [4820:5576]                                                                                         00000000011a4980

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
         
Als ich GMER ausführte, kamen noch folgende Fehlermeldungen.
C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\rahel_000\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Hier noch die Angaben von Norton Internet Security:
Code:
ATTFilter
Dateiname: sysapcrt.dll
Bedrohungsname: Trojan.ADH.2
Vollständiger Pfad: c:\program files (x86)\settings manager\systemk\sysapcrt.dll

____________________________



Details
Sehr wenige Benutzer,  Sehr neu,  Risiko Hoch





Ursprung
Heruntergeladen von
 Unbekannt





Aktivität
Ausgeführte Aktionen: 3



____________________________



Auf Computern ab 
21.05.2014 um 19:09:43


Zuletzt verwendet 
21.05.2014 um 20:21:07


Start-Element 
Nein


Gestartet 
Nein


____________________________


Sehr wenige Benutzer
Weniger als 5 Benutzer in der Norton Community haben diese Datei verwendet.

Sehr neu
Diese Datei wurde vor weniger als 1 Woche veröffentlicht.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.



____________________________



Quelle: externe Medien



Quelldatei:
sysapcrt.dll




____________________________

Dateiaktionen

Infizierte Datei: c:\program files (x86)\settings manager\systemk\ sysapcrt.dll Zugriff verweigert
____________________________

Registrierungsaktionen

Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ AppCertDlls->x86, Registrierungsstruktur: 32 bit Reparatur nicht versucht
Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ AppCertDlls->x86, Registrierungsstruktur: 64 bit Reparatur nicht versucht
____________________________


Dateiabdruck - SHA:
a53271758302959148a6030318dda385f7fe73892aa8516db73ea51db2de8c5c
Dateiabdruck - MD5:
Nicht verfügbar
         
Es gab ausserdem noch ein Log von dem Norton Power Eraser, dieser wäre aber zu lang, um ihn auch noch in diesem Beitrag zu posten...
Ich hoffe, dass mir jemand helfen kann.

Liebe Grüsse
Rahel

Alt 22.05.2014, 05:45   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



hi,

Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 22.05.2014, 07:58   #3
Pandorae
 
Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Hallo,

Erstmal danke für die schnelle Antwort! Hier sind die gewünschten Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.05.2014
Suchlauf-Zeit: 08:15:42
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.22.01
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Schach

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365548
Verstrichene Zeit: 10 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 8
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, In Quarantäne, [7fea5ff5d9a271c5dc204f4554ae6898], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [6207c0944e2d05311ee7e4ad4cb6ab55], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [aebb5bf981fad561ec19454c8c768779], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 9
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nsc441D.tmp\Helper.dll, In Quarantäne, [18515cf81f5cd264f74156f1838133cd], 
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nsc441D.tmp\Starter.exe, In Quarantäne, [baaf381ccface94d82a71e2927dde719], 
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nse1E65.tmp\Helper.dll, In Quarantäne, [0f5aa4b03a415cda84b4d176679d669a], 
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nse1E65.tmp\Starter.exe, In Quarantäne, [e1886fe514670c2a07224bfcda2aab55], 
PUP.Optional.DefaultSearch.A, C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\searchplugins\default-search.xml, In Quarantäne, [3e2bfc581d5e280e1cd7dcb87290cf31], 
PUP.Optional.DefaultSearch.A, C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\searchplugins\default-search.xml, In Quarantäne, [5019054f25560531e60dcacaef1331cf], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [2d3caca8ea91e4525f95207456acc937], 
PUP.Optional.DefaultSearch.A, C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=146&itype=a&ver=12692&tm=315&src=ds&p=");), Ersetzt,[bcadee66a9d22016870bbec113f12dd3]
PUP.Optional.DefaultSearch.A, C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p=");), Ersetzt,[3b2e490b6d0e53e30989730c50b4cb35]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.210 - Bericht erstellt am 22/05/2014 um 08:35:18
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Schach - SOKRATES
# Gestartet von : C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\rahel_000\AppData\LocalLow\DataMngr
Datei Gelöscht : C:\Users\rahel_000\Desktop\eBay.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p=");

[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9208 octets] - [22/05/2014 08:34:32]
AdwCleaner[S0].txt - [5727 octets] - [22/05/2014 08:35:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5787 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Schach on 22.05.2014 at  8:42:09,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\rahel_000\AppData\Roaming\mozilla\firefox\profiles\u0ghnwd0.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2014 at  8:48:06,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Schach (administrator) on SOKRATES on 22-05-2014 08:50:24
Running from C:\Users\rahel_000\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-10] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\MountPoints2: {a8772377-8618-11e3-824f-806e6f6e6963} - "D:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {CECE89A5-3192-4691-BDE0-BBAD40157163} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Popular Website Buddy - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-16] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-29] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140521.001\IDSvia64.sys [525016 2014-03-28] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\ENG64.SYS [126040 2014-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\EX64.SYS [2099288 2014-03-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:32 - 2014-05-22 08:35 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:31 - 2014-05-22 08:32 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:14 - 2014-05-22 08:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 08:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 08:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:53 - 2014-05-21 23:09 - 00000000 ____D () C:\NPE
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:34 - 2014-05-22 08:50 - 00023955 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:26 - 2014-05-21 22:27 - 00058247 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:14 - 2014-05-21 23:28 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:03 - 2014-05-22 08:50 - 00000000 ____D () C:\FRST
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:17 - 2014-05-21 23:27 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-15 19:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 19:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 19:43 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 19:43 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 19:43 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 19:43 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:43 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 18:38 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 18:38 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 18:38 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 18:38 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 18:38 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 18:38 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 18:38 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 18:38 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 18:38 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 18:38 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 18:38 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 18:37 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:37 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:37 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:37 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 16:24 - 2014-05-10 18:48 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 18:58 - 2014-05-14 20:15 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:06 - 2013-12-17 09:36 - 29339936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 22104352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15930288 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15699056 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 13656024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 12947384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 11311392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 01:06 - 2013-12-17 09:36 - 09281544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07721112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07598080 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 06330064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02971424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02789664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02367776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02007840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:36 - 2014-04-25 17:37 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-25 17:35 - 2014-04-25 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:35 - 2014-04-25 17:44 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-24 13:04 - 2014-04-24 13:51 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:41 - 2014-05-21 23:16 - 00000000 ____D () C:\Update
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 11:51 - 2014-04-22 12:21 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

2014-05-22 08:50 - 2014-05-21 22:34 - 00023955 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-22 08:50 - 2014-05-21 22:03 - 00000000 ____D () C:\FRST
2014-05-22 08:49 - 2014-03-29 22:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1002
2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:41 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\ClassicShell
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:38 - 2014-01-26 01:52 - 02007892 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 08:36 - 2013-09-13 23:00 - 00010174 _____ () C:\Windows\PFRO.log
2014-05-22 08:36 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 08:35 - 2014-05-22 08:32 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:32 - 2014-05-22 08:31 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:29 - 2014-05-22 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:15 - 2014-03-30 01:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 08:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-22 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-22 01:21 - 2014-03-30 01:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-22 01:21 - 2014-03-30 01:44 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\ClassicShell
2014-05-22 01:07 - 2014-03-30 01:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1005
2014-05-22 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-21 23:28 - 2014-05-21 22:14 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 23:27 - 2014-05-21 21:17 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 23:16 - 2014-04-23 17:41 - 00000000 ____D () C:\Update
2014-05-21 23:09 - 2014-05-21 22:53 - 00000000 ____D () C:\NPE
2014-05-21 23:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 23:02 - 2014-01-26 02:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-05-21 23:02 - 2014-01-26 01:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-21 23:01 - 2014-01-26 09:30 - 00000000 ____D () C:\Program Files\Sony
2014-05-21 23:01 - 2014-01-26 01:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-21 22:28 - 2014-03-30 02:05 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\HpUpdate
2014-05-21 22:27 - 2014-05-21 22:26 - 00058247 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:22 - 2014-03-29 22:01 - 00000000 ___RD () C:\Users\rahel_000\SkyDrive
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 22:13 - 2014-03-30 00:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EB015A1-94C7-4988-A780-46552CF01F96}
2014-05-21 22:10 - 2014-03-30 01:50 - 00154112 ___SH () C:\Users\Fuchs\Downloads\Thumbs.db
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 22:00 - 2014-03-29 21:55 - 00000000 ____D () C:\Users\rahel_000
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:18 - 2014-03-29 23:16 - 00000000 ____D () C:\ProgramData\Norton
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:07 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Adobe
2014-05-21 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-21 19:04 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs
2014-05-18 21:12 - 2014-03-29 23:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 23:32 - 2013-08-22 16:46 - 00019789 _____ () C:\Windows\setupact.log
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:19 - 2014-01-26 02:25 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 21:18 - 2014-01-26 02:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-16 01:01 - 2014-03-30 00:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:24 - 2014-03-30 03:04 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Apple Computer
2014-05-14 20:15 - 2014-04-28 18:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:15 - 2014-03-30 01:25 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-22 08:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 08:13 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 00:57 - 2014-03-30 10:28 - 00000000 ____D () C:\Users\Fuchs\Documents\Französisch
2014-05-11 19:54 - 2014-05-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 14:39 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Packages
2014-05-10 18:48 - 2014-05-10 16:24 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-10 16:07 - 2014-03-30 10:38 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Origin
2014-05-10 16:07 - 2014-03-30 10:37 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Origin
2014-05-07 00:12 - 2014-04-10 21:11 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-06 18:22 - 2014-03-30 13:46 - 00080997 _____ () C:\Windows\DirectX.log
2014-05-06 18:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 18:37 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 18:37 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 18:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:28 - 2014-01-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:08 - 2014-04-02 17:52 - 774908773 _____ () C:\Windows\MEMORY.DMP
2014-04-28 01:08 - 2014-04-02 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\system32\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-28 01:03 - 2014-01-26 01:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-28 01:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 01:01 - 2014-01-26 02:35 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-27 00:47 - 2014-03-30 01:52 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Skype
2014-04-25 17:52 - 2014-04-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:44 - 2014-04-25 17:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:37 - 2014-04-25 17:36 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-24 13:51 - 2014-04-24 13:04 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 12:21 - 2014-04-22 11:51 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft

Some content of TEMP:
====================
C:\Users\Fuchs\AppData\Local\Temp\COMAP.EXE
C:\Users\Fuchs\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\rahel_000\AppData\Local\Temp\ClassicShellSetup_4_0_4.exe
C:\Users\rahel_000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\rahel_000\AppData\Local\Temp\Quarantine.exe
C:\Users\rahel_000\AppData\Local\Temp\readSTILog.dll
C:\Users\rahel_000\AppData\Local\Temp\sdanircmdc.exe
C:\Users\rahel_000\AppData\Local\Temp\sdapskill.exe
C:\Users\rahel_000\AppData\Local\Temp\sdaspwn.exe
C:\Users\rahel_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfareca00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 19:34

==================== End Of Log ============================
         
--- --- ---

--- --- ---
__________________

Alt 23.05.2014, 10:47   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.05.2014, 08:06   #5
Pandorae
 
Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Hallo,

Ich selber würde jetzt keine Probleme mehr sehen, da der Internet Security Scan nichts mehr findet. Aber anscheinend gibts es ja doch noch Probleme, wenn der ESET Scanner etwas findet. Dass ich, wenn ich Firefox starte, auf einer anderen Seite als meiner gewünschten Startseite lande, konnte ja auch entfernt werden und das war auch das, was ich hauptsächtlich bemerkte.

Liebe Grüsse
Rahel

ESET-Log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6e843fbb032f4744bc9766f3a3925ae6
# engine=18390
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-24 02:07:57
# local_time=2014-05-24 04:07:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=3591 16777213 100 88 1739755 163493862 0 0
# compatibility_mode=5893 16776574 100 94 0 25778570 0 0
# scanned=614272
# found=32
# cleaned=0
# scan_time=13407
sh=6736252706F89DFC6899FEE6C360D8BFBF401BEC ft=1 fh=374276c930bcde15 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF10.dll"
sh=7909DF2339D78F00C24092FFF9491317AB954316 ft=1 fh=2ff184a74c05a271 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF11.dll"
sh=E5FCE2519122FAF40529BA6294CB3F0844E0C738 ft=1 fh=f13e05a62680f109 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF12.dll"
sh=EFC055DC03DD7698ABBFB92718A7777E2973F079 ft=1 fh=6ef019d475ea6325 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF13.dll"
sh=D2859A7F5E059C24ED68665DA69EDF33A7352D55 ft=1 fh=357742a168447bbd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF14.dll"
sh=5F46910AFA74FD8EE8574E183A04B8E781F1A249 ft=1 fh=9887df60e379ba2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF15.dll"
sh=D755D4C9CC3700F4869589360F53F61B6CC2CC72 ft=1 fh=ce2f72d226aff2b4 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF16.dll"
sh=D5224E3374B861B523BC618B725D88774D077E39 ft=1 fh=c6333adf6866c44f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF17.dll"
sh=B538DC950FD59AA3F4D1349FE0BD2E2B92603612 ft=1 fh=21900040b5af4e8e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF18.dll"
sh=B785203A7E1C00F93B888EB494B33EA5D108571E ft=1 fh=fe3406bdfbae635e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF19.dll"
sh=11A9C493387FFF75D1DDEDBB8F4449CD06DF8C93 ft=1 fh=005351c573d9875e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF2.dll"
sh=7AE7378589350EA7FF89791FB017E371E653A5B7 ft=1 fh=f8ea411c78bbb34f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF20.dll"
sh=DFEDDDF25967D22BBDFC60DAB1911B85FEE88D01 ft=1 fh=dc927e8494037489 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF21.dll"
sh=693DE5FECAD1B00542B339DD2F9A529B4A06A5E2 ft=1 fh=e35a43df301ed0c6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF22.dll"
sh=4ED4F94AF4D97B67412714D0747B45CF0FD6B2DA ft=1 fh=0444909e9111ddc6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF23.dll"
sh=1AFC1DF188673069ACE2163F696052C1ECB08144 ft=1 fh=9a5377a5e8bddacd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF24.dll"
sh=75E809C271D5E5ADE512E408C9EA5ADE196DE89C ft=1 fh=7061a52b9960f21b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF25.dll"
sh=C400C8D7DA9B44EF26D343A43D7079E4A87AF733 ft=1 fh=dbd9550bceae1ea9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF26.dll"
sh=4E650F2C07952D0925C8D71B2B0D36B410D27C51 ft=1 fh=e213dfeb1eda7c6b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF27.dll"
sh=BD6032EF269C1FFAB0931168C6B5CBFE0D8AAF72 ft=1 fh=076f8ebd13e4e9b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF28.dll"
sh=764939C29CA79FC7F2802ABCE2CD20C6244BA0BF ft=1 fh=3561307f0699aa6f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF29.dll"
sh=7670B37DBB5192661C56908529F0C994E45A6954 ft=1 fh=36b8f310622c76d5 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF4.dll"
sh=FDD7DD7F09B21EB50AAC74FC235F05A594DAC4DC ft=1 fh=4edf44d6b267a41c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF5.dll"
sh=BD07028D4DA0F02790633480206025807B0F78E2 ft=1 fh=473dff4246a7fd2a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF6.dll"
sh=42E09CB7ADCA9A141089F3F2D45F746B1C236F98 ft=1 fh=ffd8dd6bffaac829 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF7.dll"
sh=53B8D8514A3C23F2B745FBD5C03E09BB24BF331D ft=1 fh=07e550a04c82e3f3 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF8.dll"
sh=6539535AAB146A3C27DB949B4376C7895C3731B6 ft=1 fh=e1ba3d53c2ef126c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF9.dll"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\cbsidlm-cbsi145-JoyToKey-ORG-75220348.exe"
sh=A7BD555A46FD823EEF3798E79FA191A7E2C22031 ft=1 fh=53ec8d2c3f3ac30a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\gimp-2.8.8-setup - CHIP-Downloader.exe"
sh=1F103692D20FB119B64F951B27CFE9E5AB2DE301 ft=1 fh=8edf59d8455c51dd vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\HC2Setup.exe"
sh=4AF149084322DBB9BA0198F3A0BF4EAF1437EA38 ft=1 fh=c2f4d7b67b427a0a vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\openfreely_1296.exe"
sh=79274AFC84B8E582B917235D331C935FECC422FD ft=1 fh=6ec544a0c04266dd vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\Recuva - CHIP-Downloader.exe"
         
Checkup-Log:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Schach (administrator) on SOKRATES on 24-05-2014 08:52:33
Running from C:\Users\rahel_000\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-10] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\MountPoints2: {a8772377-8618-11e3-824f-806e6f6e6963} - "D:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {CECE89A5-3192-4691-BDE0-BBAD40157163} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Popular Website Buddy - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-16] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-29] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140523.001\IDSvia64.sys [525016 2014-03-28] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140523.017\ENG64.SYS [126040 2014-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140523.017\EX64.SYS [2099288 2014-03-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 08:48 - 2014-05-24 08:48 - 00854367 _____ () C:\Users\rahel_000\Desktop\SecurityCheck.exe
2014-05-24 00:19 - 2014-05-24 00:20 - 02347384 _____ (ESET) C:\Users\rahel_000\Downloads\esetsmartinstaller_deu.exe
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Daedalic Entertainment GmbH
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:32 - 2014-05-22 08:35 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:31 - 2014-05-22 08:32 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:14 - 2014-05-22 08:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 08:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 08:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:53 - 2014-05-21 23:09 - 00000000 ____D () C:\NPE
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:34 - 2014-05-22 08:50 - 00060443 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:26 - 2014-05-24 08:52 - 00023997 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Desktop\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:14 - 2014-05-21 23:28 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:03 - 2014-05-24 08:52 - 00000000 ____D () C:\FRST
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:17 - 2014-05-21 23:27 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-15 19:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 19:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 19:43 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 19:43 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 19:43 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 19:43 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:43 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 18:38 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 18:38 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 18:38 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 18:38 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 18:38 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 18:38 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 18:38 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 18:38 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 18:38 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 18:38 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 18:38 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 18:37 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:37 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:37 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:37 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 16:24 - 2014-05-10 18:48 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 18:58 - 2014-05-14 20:15 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:06 - 2013-12-17 09:36 - 29339936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 22104352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15930288 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15699056 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 13656024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 12947384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 11311392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 01:06 - 2013-12-17 09:36 - 09281544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07721112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07598080 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 06330064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02971424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02789664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02367776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02007840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:36 - 2014-04-25 17:37 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-25 17:35 - 2014-04-25 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:35 - 2014-04-25 17:44 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-24 13:04 - 2014-04-24 13:51 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur

==================== One Month Modified Files and Folders =======

2014-05-24 08:52 - 2014-05-21 22:26 - 00023997 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-24 08:52 - 2014-05-21 22:03 - 00000000 ____D () C:\FRST
2014-05-24 08:51 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\ClassicShell
2014-05-24 08:48 - 2014-05-24 08:48 - 00854367 _____ () C:\Users\rahel_000\Desktop\SecurityCheck.exe
2014-05-24 08:15 - 2014-03-30 01:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-24 04:14 - 2014-03-29 22:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1002
2014-05-24 04:10 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-24 00:22 - 2014-01-26 09:20 - 00801394 _____ () C:\Windows\system32\perfh00C.dat
2014-05-24 00:22 - 2014-01-26 09:20 - 00158846 _____ () C:\Windows\system32\perfc00C.dat
2014-05-24 00:22 - 2014-01-26 09:10 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-05-24 00:22 - 2014-01-26 09:10 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-05-24 00:22 - 2013-09-13 23:06 - 02737336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 00:20 - 2014-05-24 00:19 - 02347384 _____ (ESET) C:\Users\rahel_000\Downloads\esetsmartinstaller_deu.exe
2014-05-24 00:19 - 2013-08-22 16:46 - 00020584 _____ () C:\Windows\setupact.log
2014-05-24 00:11 - 2014-03-30 01:44 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\ClassicShell
2014-05-24 00:10 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Adobe
2014-05-22 23:24 - 2014-03-30 01:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-22 23:18 - 2014-01-26 01:52 - 01213945 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 23:16 - 2014-03-30 01:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1005
2014-05-22 23:15 - 2014-03-30 00:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EB015A1-94C7-4988-A780-46552CF01F96}
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Daedalic Entertainment GmbH
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-22 08:50 - 2014-05-21 22:34 - 00060443 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:36 - 2013-09-13 23:00 - 00010174 _____ () C:\Windows\PFRO.log
2014-05-22 08:36 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 08:35 - 2014-05-22 08:32 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:32 - 2014-05-22 08:31 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:29 - 2014-05-22 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 08:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-22 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-21 23:28 - 2014-05-21 22:14 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 23:27 - 2014-05-21 21:17 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 23:16 - 2014-04-23 17:41 - 00000000 ____D () C:\Update
2014-05-21 23:09 - 2014-05-21 22:53 - 00000000 ____D () C:\NPE
2014-05-21 23:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 23:02 - 2014-01-26 02:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-05-21 23:02 - 2014-01-26 01:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-21 23:01 - 2014-01-26 09:30 - 00000000 ____D () C:\Program Files\Sony
2014-05-21 23:01 - 2014-01-26 01:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:28 - 2014-03-30 02:05 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\HpUpdate
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Desktop\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:22 - 2014-03-29 22:01 - 00000000 ___RD () C:\Users\rahel_000\SkyDrive
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 22:10 - 2014-03-30 01:50 - 00154112 ___SH () C:\Users\Fuchs\Downloads\Thumbs.db
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 22:00 - 2014-03-29 21:55 - 00000000 ____D () C:\Users\rahel_000
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:18 - 2014-03-29 23:16 - 00000000 ____D () C:\ProgramData\Norton
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-21 19:04 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs
2014-05-18 21:12 - 2014-03-29 23:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:19 - 2014-01-26 02:25 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 21:18 - 2014-01-26 02:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-16 01:01 - 2014-03-30 00:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:24 - 2014-03-30 03:04 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Apple Computer
2014-05-14 20:15 - 2014-04-28 18:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:15 - 2014-03-30 01:25 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-22 08:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 08:13 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 00:57 - 2014-03-30 10:28 - 00000000 ____D () C:\Users\Fuchs\Documents\Französisch
2014-05-11 19:54 - 2014-05-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 14:39 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Packages
2014-05-10 18:48 - 2014-05-10 16:24 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-10 16:07 - 2014-03-30 10:38 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Origin
2014-05-10 16:07 - 2014-03-30 10:37 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Origin
2014-05-07 00:12 - 2014-04-10 21:11 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-06 18:22 - 2014-03-30 13:46 - 00080997 _____ () C:\Windows\DirectX.log
2014-05-06 18:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 18:37 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 18:37 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 18:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:28 - 2014-01-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:08 - 2014-04-02 17:52 - 774908773 _____ () C:\Windows\MEMORY.DMP
2014-04-28 01:08 - 2014-04-02 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\system32\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-28 01:03 - 2014-01-26 01:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-28 01:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 01:01 - 2014-01-26 02:35 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-27 00:47 - 2014-03-30 01:52 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Skype
2014-04-25 17:52 - 2014-04-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:44 - 2014-04-25 17:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:37 - 2014-04-25 17:36 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-24 13:51 - 2014-04-24 13:04 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur

Some content of TEMP:
====================
C:\Users\Fuchs\AppData\Local\Temp\COMAP.EXE
C:\Users\Fuchs\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\rahel_000\AppData\Local\Temp\ClassicShellSetup_4_0_4.exe
C:\Users\rahel_000\AppData\Local\Temp\COMAP.EXE
C:\Users\rahel_000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\rahel_000\AppData\Local\Temp\Quarantine.exe
C:\Users\rahel_000\AppData\Local\Temp\readSTILog.dll
C:\Users\rahel_000\AppData\Local\Temp\sdanircmdc.exe
C:\Users\rahel_000\AppData\Local\Temp\sdapskill.exe
C:\Users\rahel_000\AppData\Local\Temp\sdaspwn.exe
C:\Users\rahel_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfareca00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 19:34

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 25.05.2014, 06:17   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen




Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
--> Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen

Alt 25.05.2014, 06:17   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen




Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.05.2014, 21:24   #8
Pandorae
 
Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Vielen Dank für die tolle Hilfe! Alles ist erledigt und funktioniert wunderbar. Der Thread kann gerne aus deinen Abos gelöscht werden.

Alt 26.05.2014, 19:44   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Standard

Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen
association, bingbar, device driver, norton power eraser, onedrive, pup.optional.aztecmedia.a, pup.optional.defaultsearch.a, pup.optional.linkey.a, pup.optional.settingsmanager.a, pup.optional.softonic.a, schach, services.exe, svchost.exe, trojan.adh.2, vonteera, win32/cnetinstaller.b, win32/downloadsponsor.a, win32/installiq.a, win32/somoto.a, win32/toolbar.searchsuite.q, windows 8.1, wscript.exe, xperia



Ähnliche Themen: Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen


  1. Trojan:Win32 lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.02.2014 (18)
  2. Trojan-Downloader.Win32MultiDL.c lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (27)
  3. Trojan-Downloaser.Win32MultiDL.c lässt sich nicht entfernen
    Mülltonne - 12.07.2013 (1)
  4. Win32.Trojan.Agent lässt sich nicht entfernen!
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (4)
  5. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|12843 (Trojan.Agent) lässt sich nicht entfernen :(
    Plagegeister aller Art und deren Bekämpfung - 16.10.2012 (9)
  6. Trojan.Ransom - Windows-Verschlüsselungstrojaner lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (8)
  7. Trojan:Win32/Sirefef.AC lässt sich einfach nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (5)
  8. Trojan:WinNT/Bubnix.gen!A - lässt sich nicht entfernen
    Log-Analyse und Auswertung - 15.10.2010 (1)
  9. Spybot+Firefox hängen sich auf / Windows Security Alert lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.05.2010 (15)
  10. Trojan.bho lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.03.2010 (1)
  11. Trojan.Flush.M lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.04.2009 (5)
  12. Win32:Trojan-gen lässt sich nicht entfernen
    Log-Analyse und Auswertung - 19.02.2009 (5)
  13. Trojan.BHO lässt sich nicht entfernen
    Log-Analyse und Auswertung - 14.02.2009 (9)
  14. Trojan.Vundo.DVD lässt sich nicht entfernen
    Log-Analyse und Auswertung - 16.01.2008 (4)
  15. REMON.SYS TROJAN Rootkit.Agent.AB lässt sich nicht entfernen HILFE !!!
    Plagegeister aller Art und deren Bekämpfung - 14.11.2005 (1)
  16. Trojan-PSW.WIN32.Agent.am lässt sich nicht dauerhaft entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.06.2005 (2)
  17. trojan-gen(other) lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.05.2005 (5)

Zum Thema Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen - Hallo, Ich habe mit Norton Internet Security einen vollständigen Systemscan durchgeführt. Bei diesem Scan wurde "Trojan.ADH.2" gefunden und konnte nicht entfernt werden bzw. sollte er manuell entfernt werden. Dazu ging - Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen...
Archiv
Du betrachtest: Windows 8.1: Trojan.ADH.2 lässt sich nicht entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.