
Log analysis and evaluation: Windows 8.1: Trojan.ADH.2 cannot be removed

21.05.2014, 22:57   #1
Pandorae
 

Hello,
I ran a full system scan with Norton Internet Security. The scan found "Trojan.ADH.2", which could not be removed, or rather, it was supposed to be removed manually. So I went to the Norton page for this virus (Trojan.ADH.2 | Symantec), and to remove this threat you were only supposed to download and run the "Norton Power Eraser". I did that, but it found no risks. When I start the system scan, however, the problem is still there.

Here are the requested logs:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:25 on 21/05/2014 (Schach)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Schach (administrator) on SOKRATES on 21-05-2014 22:26:59
Running from C:\Users\rahel_000\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-10] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\MountPoints2: {a8772377-8618-11e3-824f-806e6f6e6963} - "D:\SETUP.EXE" 
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-18] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-05-18] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=a&ver=12692&tm=315&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=a&ver=12692&tm=315&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p={searchTerms}
SearchScopes: HKCU - {CECE89A5-3192-4691-BDE0-BBAD40157163} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=476&aid=146&itype=n&ver=12302&tm=315&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Linkey for Firefox - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\extension@linkeyproject.com [2014-04-12]
FF Extension: Popular Website Buddy - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-30]
FF Extension: Settings Manager - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757} [2014-04-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-16] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3543056 2014-05-18] (Aztec Media Inc)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-29] (Symantec Corporation)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
R4 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140520.001\IDSvia64.sys [525016 2014-03-28] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\ENG64.SYS [126040 2014-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\EX64.SYS [2099288 2014-03-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-05-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ugdyypob; \??\C:\Users\RAHEL_~1\AppData\Local\Temp\ugdyypob.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 22:26 - 2014-05-21 22:26 - 00027907 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Downloads\defogger_disable.log
2014-05-21 22:14 - 2014-05-21 22:14 - 00009214 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:03 - 2014-05-21 22:26 - 00000000 ____D () C:\FRST
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:18 - 2014-05-21 21:18 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-05-21 21:18 - 2014-05-21 21:18 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-05-21 21:17 - 2014-05-21 22:15 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:04 - 2014-05-21 22:22 - 00000000 ____D () C:\ProgramData\systemk
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-15 19:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 19:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 19:43 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 19:43 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 19:43 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 19:43 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:43 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 18:38 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 18:38 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 18:38 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 18:38 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 18:38 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 18:38 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 18:38 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 18:38 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 18:38 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 18:38 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 18:38 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 18:37 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:37 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:37 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:37 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 16:24 - 2014-05-10 18:48 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 18:58 - 2014-05-14 20:15 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:06 - 2013-12-17 09:36 - 29339936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 22104352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15930288 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15699056 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 13656024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 12947384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 11311392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 01:06 - 2013-12-17 09:36 - 09281544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07721112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07598080 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 06330064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02971424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02789664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02367776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02007840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:36 - 2014-04-25 17:37 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-25 17:35 - 2014-04-25 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:35 - 2014-04-25 17:44 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-24 13:04 - 2014-04-24 13:51 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:41 - 2014-04-28 01:37 - 00000000 ____D () C:\Update
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 11:51 - 2014-04-22 12:21 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

2014-05-21 22:27 - 2014-05-21 22:26 - 00027907 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:26 - 2014-05-21 22:03 - 00000000 ____D () C:\FRST
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Downloads\defogger_disable.log
2014-05-21 22:22 - 2014-05-21 19:04 - 00000000 ____D () C:\ProgramData\systemk
2014-05-21 22:22 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\ClassicShell
2014-05-21 22:22 - 2014-03-30 01:44 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\ClassicShell
2014-05-21 22:22 - 2014-03-29 22:01 - 00000000 ___RD () C:\Users\rahel_000\SkyDrive
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 22:15 - 2014-05-21 21:17 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 22:15 - 2014-03-30 01:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 22:14 - 2014-05-21 22:14 - 00009214 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:13 - 2014-03-30 00:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EB015A1-94C7-4988-A780-46552CF01F96}
2014-05-21 22:10 - 2014-03-30 01:50 - 00154112 ___SH () C:\Users\Fuchs\Downloads\Thumbs.db
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 22:00 - 2014-03-29 21:55 - 00000000 ____D () C:\Users\rahel_000
2014-05-21 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:46 - 2014-01-26 01:52 - 01774435 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 21:18 - 2014-05-21 21:18 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-05-21 21:18 - 2014-05-21 21:18 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-05-21 21:18 - 2014-03-29 23:16 - 00000000 ____D () C:\ProgramData\Norton
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:07 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Adobe
2014-05-21 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-21 19:04 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs
2014-05-21 19:04 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 21:12 - 2014-03-29 23:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-17 00:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-16 23:32 - 2013-08-22 16:46 - 00019789 _____ () C:\Windows\setupact.log
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:19 - 2014-01-26 02:25 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 21:18 - 2014-01-26 02:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-16 01:01 - 2014-03-30 00:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 19:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-14 23:15 - 2014-03-30 01:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1005
2014-05-14 22:24 - 2014-03-30 03:04 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Apple Computer
2014-05-14 20:15 - 2014-04-28 18:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:15 - 2014-03-30 01:25 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 00:57 - 2014-03-30 10:28 - 00000000 ____D () C:\Users\Fuchs\Documents\Französisch
2014-05-11 19:54 - 2014-05-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 14:39 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Packages
2014-05-10 18:48 - 2014-05-10 16:24 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-10 16:07 - 2014-03-30 10:38 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Origin
2014-05-10 16:07 - 2014-03-30 10:37 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Origin
2014-05-07 21:41 - 2014-03-30 01:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-07 00:12 - 2014-04-10 21:11 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-06 18:22 - 2014-03-30 13:46 - 00080997 _____ () C:\Windows\DirectX.log
2014-05-06 18:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 18:37 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 18:37 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 18:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:49 - 2013-09-13 23:00 - 00005070 _____ () C:\Windows\PFRO.log
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 16:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:37 - 2014-04-23 17:41 - 00000000 ____D () C:\Update
2014-04-28 01:37 - 2014-01-26 02:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-04-28 01:34 - 2014-03-29 22:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1002
2014-04-28 01:28 - 2014-01-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-04-28 01:18 - 2014-01-26 01:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:08 - 2014-04-02 17:52 - 774908773 _____ () C:\Windows\MEMORY.DMP
2014-04-28 01:08 - 2014-04-02 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\system32\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-28 01:03 - 2014-01-26 01:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-28 01:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 01:02 - 2014-01-26 09:30 - 00000000 ____D () C:\Program Files\Sony
2014-04-28 01:01 - 2014-01-26 02:35 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-27 00:47 - 2014-03-30 01:52 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Skype
2014-04-25 17:52 - 2014-04-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:44 - 2014-04-25 17:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:37 - 2014-04-25 17:36 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-24 13:51 - 2014-04-24 13:04 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 13:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-04-22 12:21 - 2014-04-22 11:51 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft
2014-04-21 16:08 - 2014-01-26 09:20 - 00801394 _____ () C:\Windows\system32\perfh00C.dat
2014-04-21 16:08 - 2014-01-26 09:20 - 00158846 _____ () C:\Windows\system32\perfc00C.dat
2014-04-21 16:08 - 2014-01-26 09:10 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-04-21 16:08 - 2014-01-26 09:10 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-04-21 16:08 - 2013-09-13 23:06 - 02737336 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Fuchs\AppData\Local\Temp\COMAP.EXE
C:\Users\Fuchs\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\rahel_000\AppData\Local\Temp\ClassicShellSetup_4_0_4.exe
C:\Users\rahel_000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\rahel_000\AppData\Local\Temp\readSTILog.dll
C:\Users\rahel_000\AppData\Local\Temp\sdanircmdc.exe
C:\Users\rahel_000\AppData\Local\Temp\sdapskill.exe
C:\Users\rahel_000\AppData\Local\Temp\sdaspwn.exe
C:\Users\rahel_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfareca00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 19:34

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Schach at 2014-05-21 22:35:30
Running from C:\Users\rahel_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3202 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5804.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.5804.52 - CyberLink Corp.) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP LaserJet 200 color MFP M276 Fax (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LaserJet 200 color MFP M276 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LJ200 M276 HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Linkey (HKCU\...\Linkey) (Version: 0.0.0.431 - Aztec Media Inc) <==== ATTENTION
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-2e58f89b-4447-4111-94b2-a2343153024d) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-3a56167a-3ca4-4f13-bae3-02685a1f8720) (Version:  - Epic Games, Inc.)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Control Panel 327.39 (Version: 327.39 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.39 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.9.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PlayMemories Home (HKLM-x32\...\{4C93E894-BE17-463B-A789-4CAB706987A0}) (Version: 8.0.21.11211 - Sony Corporation)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
RonyaSoft CD DVD Label Maker 1.03 (HKLM-x32\...\RonyaSoft CD DVD Label Maker) (Version: 1.03 - RonyaSoft)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12302 - Aztec Media Inc) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SOHLib for PlayMemories Home (Version: 1.0.1.11110 - Sony Corporation) Hidden
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version:  - Stridemann)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.0.05310 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.1.0.09260 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.0.09260 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{31A52292-831E-45E0-8333-7D35BCD130B8}) (Version: 1.0.3.09050 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.4.1.13060 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.12.0.07300 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.5.0.09250 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.5.0.09250 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 3.0.0.08080 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.2.0.10110 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.00.10240 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.3.00.10240 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{E54A5A2B-E06C-41A6-A0DE-04C5AA4B415C}) (Version: 1.0.1.10240 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VI3.0x64 (Version: 1.0.0 - Sony Corporation) Hidden
VI3.0x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.25 - WildTangent) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Restore Points  =========================

06-05-2014 16:10:56 Windows Update
15-05-2014 17:47:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {06908362-4A01-4958-8851-56051A9C2B59} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-07-05] (Sony Corporation)
Task: {0901A7F4-2A16-440F-8478-3218F2084F23} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-11-07] (Sony Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FDDA7B6-6900-46B3-AB9C-A8F0F888E3F3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {12DD77AE-FC3A-43BD-8DA8-673CAC56A9A1} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {13000560-C7AA-4B47-BCEA-153837CC0F55} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {1A603CD3-6EFA-44EF-A69F-A1CB6D7E14BF} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {1AD691B7-46F8-4EAD-B58E-C0F307BDAB6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {1EF351E3-2B87-4613-8B5C-BC4316B41633} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {25310D83-8472-41A1-AE47-D83A8A882EB0} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation)
Task: {288D6658-EB27-4929-8190-9E9CEA7E2C4A} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserDisconected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31DD3361-4A8D-4B9A-BDC3-6C0357E464F0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {388C3D2E-EF07-4336-9E80-8653BC3D41FA} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C0FF926-EEA0-43CC-BEE8-048804B0FD54} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe
Task: {40E7E6CE-91EE-4CF9-B5DF-9258380B3733} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49B12BFC-6BDA-420A-B251-833E5BEBF9D7} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation)
Task: {4BE49BA9-F7A7-45B6-901F-B54E158ECCEF} - System32\Tasks\AdobeAAMUpdater-1.0-Sokrates-Fuchs => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {4C9F7F2A-9C43-4670-80A0-492DA202C881} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-16] (Microsoft Corporation)
Task: {5A2869E0-ABA5-466E-899B-A960F1F29EFB} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {5D6FD31A-80B1-48CE-846C-82A9C30B5FD1} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {603F2271-9EF0-4668-9D6F-3F2F1BA797C2} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation)
Task: {60F3F8B2-35D9-4D44-818C-6CDEB05F9F72} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-08-14] (Sony Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EFAD63B-E31B-44E7-9498-A61F8D9003B6} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {777AC6D0-6983-48CE-BB67-94BFA0C2CFE6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {81B83905-DC1C-45D1-885B-A078F333F6AE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {880E78D2-8886-4DAE-99CF-2C982883F67C} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {899368AE-1C11-4643-A078-A08D9A9DDD06} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8A973F96-158B-4869-AB57-0E0C08FC992C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8B4164FA-C9FD-44F1-8288-B741BC6AA5F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99C6BDFE-FDE7-4823-B5AD-9E690FA57473} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {9FE0334F-FBEB-4E1D-AB11-1566ABE560B4} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-01] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A5713AAF-6C8A-4857-A994-C5730BA20BF2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {A962FC3B-89BE-4948-A585-F117400D31E9} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-06-01] (Sony Corporation)
Task: {B249FBFC-4FE4-4B46-A2EF-EADA65351BED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-28] (Synaptics Incorporated)
Task: {BC70C071-B74F-44A6-9D4B-8FE6AB2AF252} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BE0026D1-5328-4F7A-BAB9-F22BF2924CBD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1446757697-2309439942-254719417-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {BF1075D7-0809-431D-B11C-1D3FE220C521} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {C0870AB0-5712-466D-B986-EAE1AC75F00D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C3A70705-8E32-42DB-9D2C-34028A9647C1} - System32\Tasks\PDVDServ Task => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.EXE [2013-03-19] (CyberLink Corp.)
Task: {C6080CE6-568C-4120-8330-F56CE77489D5} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {CF1ACA55-470E-4207-825E-EC8A641D1D00} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD751CA9-C14A-43A7-88CF-ADC0B9DD78CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {E040298F-5BBB-4147-B393-95C08C199D46} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E07CF3FF-E164-44BD-9FC9-562AC23D3D0E} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserConected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {E0EC6C88-7C01-4807-8ADA-B24833BC52A5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E8237AFB-EB50-4833-BB26-55E9474E212C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E8757698-C215-4C22-A830-0B93E1EF55DA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1446757697-2309439942-254719417-1005
Task: {F271E6D3-247A-4A25-843C-F75067AE0728} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {FEA7F518-59A3-47C3-925B-9A06503C8DEC} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-12 19:34 - 2014-05-18 11:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2013-09-25 16:20 - 2013-09-25 16:20 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-03-30 00:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-30 00:28 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-01-26 01:52 - 2013-12-17 09:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-30 13:46 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-12 19:34 - 2014-05-18 11:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-04-12 19:34 - 2014-05-18 11:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-01-26 01:47 - 2013-09-18 04:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-08-30 13:39 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\rahel_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: NXP NearFieldProximity Provider
Description: NXP NearFieldProximity Provider
Class Guid: {5630831c-06c9-4856-b327-f5d32586e060}
Manufacturer: NXP Semiconductors(Proximity)
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2014 07:54:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2ec

Startzeit: 01cf751cf2501cec

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: e622eff0-e110-11e3-8288-342387967e48

Vollständiger Name des fehlerhaften Pakets: BD9B8345.VAIOMessageCenter_2.1.1.2210_x64__05bme2bjq6sag

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SonyCorporation.VAIOMessageCenter

Error: (05/19/2014 06:52:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f18

Startzeit: 01cf72ddc6337fdd

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: f48b0d71-df75-11e3-8287-342387967e48

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/18/2014 09:39:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/18/2014 02:54:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/16/2014 00:39:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/16/2014 00:09:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 11:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 10:54:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 10:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/15/2014 10:24:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: Bei der Aktivierung der App „BD9B8345.TVSideView_05bme2bjq6sag!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (05/21/2014 10:28:13 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {9F070738-F6EA-408A-A6BD-AED405E67A13}

Error: (05/21/2014 10:28:08 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/21/2014 10:23:27 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/21/2014 07:35:34 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/21/2014 07:35:04 PM) (Source: DCOM) (EventID: 10010) (User: Sokrates)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/21/2014 07:06:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (05/21/2014 07:05:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "F06DEFF2-5B9C-490D-910F-35D3A9119622" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/21/2014 07:05:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Systemk Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/21/2014 07:04:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎05.‎2014 um 05:53:31 unerwartet heruntergefahren.

Error: (05/19/2014 10:35:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.


Microsoft Office Sessions:
=========================
Error: (05/21/2014 07:54:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170312ec01cf751cf2501cec4294967295C:\Windows\system32\wwahost.exee622eff0-e110-11e3-8288-342387967e48BD9B8345.VAIOMessageCenter_2.1.1.2210_x64__05bme2bjq6sagSonyCorporation.VAIOMessageCenter

Error: (05/19/2014 06:52:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.52391f1801cf72ddc6337fdd15C:\Program Files (x86)\Mozilla Firefox\firefox.exef48b0d71-df75-11e3-8287-342387967e48

Error: (05/18/2014 09:39:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/18/2014 02:54:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/16/2014 00:39:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/16/2014 00:09:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 11:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 10:54:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 10:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.VAIOMessageCenter_05bme2bjq6sag!SonyCorporation.VAIOMessageCenter-2144927141

Error: (05/15/2014 10:24:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sokrates)
Description: BD9B8345.TVSideView_05bme2bjq6sag!App-2144927141


CodeIntegrity Errors:
===================================
  Date: 2014-05-21 22:34:28.455
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-21 19:03:59.760
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-21 19:03:59.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-18 02:43:18.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-18 02:43:18.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 23:17:12.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 23:17:12.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 16:44:11.686
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-16 16:44:11.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-14 22:46:16.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8087.8 MB
Available physical RAM: 5273.04 MB
Total Pagefile: 16279.8 MB
Available Pagefile: 13745.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:902.76 GB) (Free:544.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E2384E5C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-21 22:31:22
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002b WDC_WD10JPVX-55JC3T3 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\RAHEL_~1\AppData\Local\Temp\ugdyypob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                      00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                      00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                         00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\spoolsv.exe[1408] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                         00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1752] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\System32\svchost.exe[1140] c:\windows\system32\WSOCK32.dll!setsockopt + 194                                            00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\System32\svchost.exe[1140] c:\windows\system32\WSOCK32.dll!setsockopt + 218                                            00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\System32\svchost.exe[2140] c:\windows\system32\WSOCK32.dll!setsockopt + 194                                            00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\System32\svchost.exe[2140] c:\windows\system32\WSOCK32.dll!setsockopt + 218                                            00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                        00007ff8be3728c0 7 bytes JMP 00007ff9bdd302d0
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                               00007ff8be3743d8 7 bytes JMP 00007ff9bdd30308
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                 00007ff8be421f20 7 bytes JMP 00007ff9bdd30378
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                 00007ff8be4240b4 7 bytes JMP 00007ff9bdd303b0
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                00007ff8be424510 7 bytes JMP 00007ff9bdd30340
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                        00007ff8be424af0 7 bytes JMP 00007ff9bdd30260
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                        00007ff8be44cea0 7 bytes JMP 00007ff9bdd30228
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                          00007ff8be44cf10 7 bytes JMP 00007ff9bdd30298
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                             00007ff8bdd42300 7 bytes JMP 00007ff9bdd300d8
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                  00007ff8bdd45770 5 bytes JMP 00007ff9bdd30180
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                               00007ff8bdd45860 5 bytes JMP 00007ff9bdd30148
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                           00007ff8bdd45a30 5 bytes JMP 00007ff9bdd30110
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!CreateWindowExW                                                  00007ff8be53b6f4 10 bytes JMP 00007ff9bdd30490
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                              00007ff8be5445d8 5 bytes JMP 00007ff9bdd30458
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                       00007ff8be544750 9 bytes JMP 00007ff9bdd303e8
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                              00007ff8be554fc0 5 bytes JMP 00007ff9bdd30420
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                          00007ff8be181500 8 bytes JMP 00007ff9bdd301b8
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                            00007ff8be181750 8 bytes JMP 00007ff9bdd301f0
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                 00007ff8bb887c28 5 bytes JMP 00007ff9bb6b0110
.text   C:\Windows\system32\dwm.exe[1488] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                  00007ff8bb894b84 5 bytes JMP 00007ff9bb6b00d8
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                       00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                       00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                          00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\system32\nvvsvc.exe[7888] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                          00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                 00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Windows\Explorer.EXE[6640] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                 00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506               00007ff8bfe2169a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514               00007ff8bfe216a2 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                  00007ff8bfe2181a 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                  00007ff8bfe21832 4 bytes [E2, BF, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194                     00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5260] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218                     00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]
.text   c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4048] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194              00007ff8b5ca1f6a 4 bytes [CA, B5, F8, 7F]
.text   c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4048] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218              00007ff8b5ca1f82 4 bytes [CA, B5, F8, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SYSTEM32\ntdll.dll [1844:1848]                                                                                         0000000000f9975e
Thread  C:\Windows\system32\csrss.exe [6648:7340]                                                                                         fffff96000983b90
Thread  C:\Windows\SYSTEM32\ntdll.dll [4820:3552]                                                                                         00000000011aa794
Thread  C:\Windows\SYSTEM32\ntdll.dll [4820:5576]                                                                                         00000000011a4980

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
         
When I ran GMER, the following error messages also appeared.
C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\rahel_000\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Here is also the information from Norton Internet Security:
Code:
Dateiname: sysapcrt.dll
Bedrohungsname: Trojan.ADH.2
Vollständiger Pfad: c:\program files (x86)\settings manager\systemk\sysapcrt.dll

____________________________



Details
Sehr wenige Benutzer,  Sehr neu,  Risiko Hoch





Ursprung
Heruntergeladen von
 Unbekannt





Aktivität
Ausgeführte Aktionen: 3



____________________________



Auf Computern ab 
21.05.2014 um 19:09:43


Zuletzt verwendet 
21.05.2014 um 20:21:07


Start-Element 
Nein


Gestartet 
Nein


____________________________


Sehr wenige Benutzer
Weniger als 5 Benutzer in der Norton Community haben diese Datei verwendet.

Sehr neu
Diese Datei wurde vor weniger als 1 Woche veröffentlicht.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.



____________________________



Quelle: externe Medien



Quelldatei:
sysapcrt.dll




____________________________

Dateiaktionen

Infizierte Datei: c:\program files (x86)\settings manager\systemk\ sysapcrt.dll Zugriff verweigert
____________________________

Registrierungsaktionen

Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ AppCertDlls->x86, Registrierungsstruktur: 32 bit Reparatur nicht versucht
Registrierungsänderung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ AppCertDlls->x86, Registrierungsstruktur: 64 bit Reparatur nicht versucht
____________________________


Dateiabdruck - SHA:
a53271758302959148a6030318dda385f7fe73892aa8516db73ea51db2de8c5c
Dateiabdruck - MD5:
Nicht verfügbar
         
There was also a log from Norton Power Eraser, but it would be too long to post in this message as well...
I hope someone can help me.

Kind regards
Rahel

22.05.2014, 05:45   #2
schrauber
/// the machine
/// TB-Ausbilder



hi,

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this label:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

22.05.2014, 07:58   #3
Pandorae



Hello,

First of all, thanks for the quick reply! Here are the requested logs:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.05.2014
Suchlauf-Zeit: 08:15:42
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.22.01
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Schach

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365548
Verstrichene Zeit: 10 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 8
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [aebb1143aecdce68f826ff2ca55d5fa1], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, In Quarantäne, [7fea5ff5d9a271c5dc204f4554ae6898], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [6207c0944e2d05311ee7e4ad4cb6ab55], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1446757697-2309439942-254719417-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [aebb5bf981fad561ec19454c8c768779], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 9
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nsc441D.tmp\Helper.dll, In Quarantäne, [18515cf81f5cd264f74156f1838133cd], 
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nsc441D.tmp\Starter.exe, In Quarantäne, [baaf381ccface94d82a71e2927dde719], 
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nse1E65.tmp\Helper.dll, In Quarantäne, [0f5aa4b03a415cda84b4d176679d669a], 
PUP.Optional.AztecMedia.A, C:\Users\Fuchs\AppData\Local\Temp\nse1E65.tmp\Starter.exe, In Quarantäne, [e1886fe514670c2a07224bfcda2aab55], 
PUP.Optional.DefaultSearch.A, C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\searchplugins\default-search.xml, In Quarantäne, [3e2bfc581d5e280e1cd7dcb87290cf31], 
PUP.Optional.DefaultSearch.A, C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\searchplugins\default-search.xml, In Quarantäne, [5019054f25560531e60dcacaef1331cf], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [2d3caca8ea91e4525f95207456acc937], 
PUP.Optional.DefaultSearch.A, C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=146&itype=a&ver=12692&tm=315&src=ds&p=");), Ersetzt,[bcadee66a9d22016870bbec113f12dd3]
PUP.Optional.DefaultSearch.A, C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p=");), Ersetzt,[3b2e490b6d0e53e30989730c50b4cb35]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.210 - Bericht erstellt am 22/05/2014 um 08:35:18
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Schach - SOKRATES
# Gestartet von : C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\rahel_000\AppData\LocalLow\DataMngr
Datei Gelöscht : C:\Users\rahel_000\Desktop\eBay.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=12302&tm=315&src=ds&p=");

[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


[ Datei : C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9208 octets] - [22/05/2014 08:34:32]
AdwCleaner[S0].txt - [5727 octets] - [22/05/2014 08:35:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5787 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Schach on 22.05.2014 at  8:42:09,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\rahel_000\AppData\Roaming\mozilla\firefox\profiles\u0ghnwd0.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2014 at  8:48:06,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Schach (administrator) on SOKRATES on 22-05-2014 08:50:24
Running from C:\Users\rahel_000\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-10] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\MountPoints2: {a8772377-8618-11e3-824f-806e6f6e6963} - "D:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {CECE89A5-3192-4691-BDE0-BBAD40157163} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Popular Website Buddy - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-16] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-29] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140521.001\IDSvia64.sys [525016 2014-03-28] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\ENG64.SYS [126040 2014-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140521.001\EX64.SYS [2099288 2014-03-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:32 - 2014-05-22 08:35 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:31 - 2014-05-22 08:32 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:14 - 2014-05-22 08:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 08:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 08:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:53 - 2014-05-21 23:09 - 00000000 ____D () C:\NPE
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:34 - 2014-05-22 08:50 - 00023955 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:26 - 2014-05-21 22:27 - 00058247 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:14 - 2014-05-21 23:28 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:03 - 2014-05-22 08:50 - 00000000 ____D () C:\FRST
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:17 - 2014-05-21 23:27 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-15 19:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 19:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 19:43 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 19:43 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 19:43 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 19:43 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:43 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 18:38 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 18:38 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 18:38 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 18:38 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 18:38 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 18:38 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 18:38 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 18:38 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 18:38 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 18:38 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 18:38 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 18:37 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:37 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:37 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:37 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 16:24 - 2014-05-10 18:48 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 18:58 - 2014-05-14 20:15 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:06 - 2013-12-17 09:36 - 29339936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 22104352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15930288 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15699056 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 13656024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 12947384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 11311392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 01:06 - 2013-12-17 09:36 - 09281544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07721112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07598080 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 06330064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02971424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02789664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02367776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02007840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:36 - 2014-04-25 17:37 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-25 17:35 - 2014-04-25 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:35 - 2014-04-25 17:44 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-24 13:04 - 2014-04-24 13:51 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:41 - 2014-05-21 23:16 - 00000000 ____D () C:\Update
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 11:51 - 2014-04-22 12:21 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

2014-05-22 08:50 - 2014-05-21 22:34 - 00023955 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-22 08:50 - 2014-05-21 22:03 - 00000000 ____D () C:\FRST
2014-05-22 08:49 - 2014-03-29 22:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1002
2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:41 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\ClassicShell
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:38 - 2014-01-26 01:52 - 02007892 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 08:36 - 2013-09-13 23:00 - 00010174 _____ () C:\Windows\PFRO.log
2014-05-22 08:36 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 08:35 - 2014-05-22 08:32 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:32 - 2014-05-22 08:31 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:29 - 2014-05-22 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:15 - 2014-03-30 01:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 08:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-22 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-22 01:21 - 2014-03-30 01:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-22 01:21 - 2014-03-30 01:44 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\ClassicShell
2014-05-22 01:07 - 2014-03-30 01:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1005
2014-05-22 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-21 23:28 - 2014-05-21 22:14 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 23:27 - 2014-05-21 21:17 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 23:16 - 2014-04-23 17:41 - 00000000 ____D () C:\Update
2014-05-21 23:09 - 2014-05-21 22:53 - 00000000 ____D () C:\NPE
2014-05-21 23:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 23:02 - 2014-01-26 02:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-05-21 23:02 - 2014-01-26 01:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-21 23:01 - 2014-01-26 09:30 - 00000000 ____D () C:\Program Files\Sony
2014-05-21 23:01 - 2014-01-26 01:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-21 22:28 - 2014-03-30 02:05 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\HpUpdate
2014-05-21 22:27 - 2014-05-21 22:26 - 00058247 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Downloads\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:22 - 2014-03-29 22:01 - 00000000 ___RD () C:\Users\rahel_000\SkyDrive
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 22:13 - 2014-03-30 00:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EB015A1-94C7-4988-A780-46552CF01F96}
2014-05-21 22:10 - 2014-03-30 01:50 - 00154112 ___SH () C:\Users\Fuchs\Downloads\Thumbs.db
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:04 - 2014-05-21 22:04 - 00048595 _____ () C:\Users\Fuchs\Desktop\FRST.txt
2014-05-21 22:04 - 2014-05-21 22:04 - 00031958 _____ () C:\Users\Fuchs\Desktop\Addition.txt
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000474 _____ () C:\Users\Fuchs\Desktop\defogger_disable.log
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 22:00 - 2014-03-29 21:55 - 00000000 ____D () C:\Users\rahel_000
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:18 - 2014-03-29 23:16 - 00000000 ____D () C:\ProgramData\Norton
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:07 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Adobe
2014-05-21 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-21 19:04 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs
2014-05-18 21:12 - 2014-03-29 23:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 23:32 - 2013-08-22 16:46 - 00019789 _____ () C:\Windows\setupact.log
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:19 - 2014-01-26 02:25 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 21:18 - 2014-01-26 02:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-16 01:01 - 2014-03-30 00:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:24 - 2014-03-30 03:04 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Apple Computer
2014-05-14 20:15 - 2014-04-28 18:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:15 - 2014-03-30 01:25 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-22 08:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 08:13 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 00:57 - 2014-03-30 10:28 - 00000000 ____D () C:\Users\Fuchs\Documents\Französisch
2014-05-11 19:54 - 2014-05-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 14:39 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Packages
2014-05-10 18:48 - 2014-05-10 16:24 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-10 16:07 - 2014-03-30 10:38 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Origin
2014-05-10 16:07 - 2014-03-30 10:37 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Origin
2014-05-07 00:12 - 2014-04-10 21:11 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-06 18:22 - 2014-03-30 13:46 - 00080997 _____ () C:\Windows\DirectX.log
2014-05-06 18:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 18:37 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 18:37 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 18:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:28 - 2014-01-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:08 - 2014-04-02 17:52 - 774908773 _____ () C:\Windows\MEMORY.DMP
2014-04-28 01:08 - 2014-04-02 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\system32\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-28 01:03 - 2014-01-26 01:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-28 01:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 01:01 - 2014-01-26 02:35 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-27 00:47 - 2014-03-30 01:52 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Skype
2014-04-25 17:52 - 2014-04-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:44 - 2014-04-25 17:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:37 - 2014-04-25 17:36 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-24 13:51 - 2014-04-24 13:04 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur
2014-04-23 17:48 - 2014-04-23 17:48 - 00000000 ____D () C:\Users\rahel_000\Documents\Games for Windows - LIVE Demos
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-04-23 17:44 - 2014-04-23 17:44 - 00642712 _____ (Microsoft Corporation) C:\Users\rahel_000\Downloads\gfwlivesetup.exe
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\Macromedia
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieUserList
2014-04-23 17:38 - 2014-04-23 17:38 - 00000000 __SHD () C:\Users\rahel_000\AppData\Local\EmieSiteList
2014-04-22 22:45 - 2014-04-22 22:45 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 12:21 - 2014-04-22 11:51 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\.minecraft

Some content of TEMP:
====================
C:\Users\Fuchs\AppData\Local\Temp\COMAP.EXE
C:\Users\Fuchs\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\rahel_000\AppData\Local\Temp\ClassicShellSetup_4_0_4.exe
C:\Users\rahel_000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\rahel_000\AppData\Local\Temp\Quarantine.exe
C:\Users\rahel_000\AppData\Local\Temp\readSTILog.dll
C:\Users\rahel_000\AppData\Local\Temp\sdanircmdc.exe
C:\Users\rahel_000\AppData\Local\Temp\sdapskill.exe
C:\Users\rahel_000\AppData\Local\Temp\sdaspwn.exe
C:\Users\rahel_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfareca00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 19:34

==================== End Of Log ============================
         

23.05.2014, 10:47   #4
schrauber
/// the machine
/// TB trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.05.2014, 08:06   #5
Pandorae
 

Hello,

I myself would not see any problems now, since the Internet Security scan no longer finds anything. But apparently there are still problems after all, if the ESET scanner finds something. The issue where starting Firefox took me to a page other than my chosen start page could also be removed, and that was the main thing I had noticed.

Kind regards
Rahel

ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6e843fbb032f4744bc9766f3a3925ae6
# engine=18390
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-24 02:07:57
# local_time=2014-05-24 04:07:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=3591 16777213 100 88 1739755 163493862 0 0
# compatibility_mode=5893 16776574 100 94 0 25778570 0 0
# scanned=614272
# found=32
# cleaned=0
# scan_time=13407
sh=6736252706F89DFC6899FEE6C360D8BFBF401BEC ft=1 fh=374276c930bcde15 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF10.dll"
sh=7909DF2339D78F00C24092FFF9491317AB954316 ft=1 fh=2ff184a74c05a271 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF11.dll"
sh=E5FCE2519122FAF40529BA6294CB3F0844E0C738 ft=1 fh=f13e05a62680f109 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF12.dll"
sh=EFC055DC03DD7698ABBFB92718A7777E2973F079 ft=1 fh=6ef019d475ea6325 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF13.dll"
sh=D2859A7F5E059C24ED68665DA69EDF33A7352D55 ft=1 fh=357742a168447bbd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF14.dll"
sh=5F46910AFA74FD8EE8574E183A04B8E781F1A249 ft=1 fh=9887df60e379ba2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF15.dll"
sh=D755D4C9CC3700F4869589360F53F61B6CC2CC72 ft=1 fh=ce2f72d226aff2b4 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF16.dll"
sh=D5224E3374B861B523BC618B725D88774D077E39 ft=1 fh=c6333adf6866c44f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF17.dll"
sh=B538DC950FD59AA3F4D1349FE0BD2E2B92603612 ft=1 fh=21900040b5af4e8e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF18.dll"
sh=B785203A7E1C00F93B888EB494B33EA5D108571E ft=1 fh=fe3406bdfbae635e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF19.dll"
sh=11A9C493387FFF75D1DDEDBB8F4449CD06DF8C93 ft=1 fh=005351c573d9875e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF2.dll"
sh=7AE7378589350EA7FF89791FB017E371E653A5B7 ft=1 fh=f8ea411c78bbb34f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF20.dll"
sh=DFEDDDF25967D22BBDFC60DAB1911B85FEE88D01 ft=1 fh=dc927e8494037489 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF21.dll"
sh=693DE5FECAD1B00542B339DD2F9A529B4A06A5E2 ft=1 fh=e35a43df301ed0c6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF22.dll"
sh=4ED4F94AF4D97B67412714D0747B45CF0FD6B2DA ft=1 fh=0444909e9111ddc6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF23.dll"
sh=1AFC1DF188673069ACE2163F696052C1ECB08144 ft=1 fh=9a5377a5e8bddacd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF24.dll"
sh=75E809C271D5E5ADE512E408C9EA5ADE196DE89C ft=1 fh=7061a52b9960f21b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF25.dll"
sh=C400C8D7DA9B44EF26D343A43D7079E4A87AF733 ft=1 fh=dbd9550bceae1ea9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF26.dll"
sh=4E650F2C07952D0925C8D71B2B0D36B410D27C51 ft=1 fh=e213dfeb1eda7c6b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF27.dll"
sh=BD6032EF269C1FFAB0931168C6B5CBFE0D8AAF72 ft=1 fh=076f8ebd13e4e9b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF28.dll"
sh=764939C29CA79FC7F2802ABCE2CD20C6244BA0BF ft=1 fh=3561307f0699aa6f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF29.dll"
sh=7670B37DBB5192661C56908529F0C994E45A6954 ft=1 fh=36b8f310622c76d5 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF4.dll"
sh=FDD7DD7F09B21EB50AAC74FC235F05A594DAC4DC ft=1 fh=4edf44d6b267a41c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF5.dll"
sh=BD07028D4DA0F02790633480206025807B0F78E2 ft=1 fh=473dff4246a7fd2a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF6.dll"
sh=42E09CB7ADCA9A141089F3F2D45F746B1C236F98 ft=1 fh=ffd8dd6bffaac829 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF7.dll"
sh=53B8D8514A3C23F2B745FBD5C03E09BB24BF331D ft=1 fh=07e550a04c82e3f3 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF8.dll"
sh=6539535AAB146A3C27DB949B4376C7895C3731B6 ft=1 fh=e1ba3d53c2ef126c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Fuchs\AppData\Roaming\Mozilla\Firefox\Profiles\53114po3.default\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF9.dll"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\cbsidlm-cbsi145-JoyToKey-ORG-75220348.exe"
sh=A7BD555A46FD823EEF3798E79FA191A7E2C22031 ft=1 fh=53ec8d2c3f3ac30a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\gimp-2.8.8-setup - CHIP-Downloader.exe"
sh=1F103692D20FB119B64F951B27CFE9E5AB2DE301 ft=1 fh=8edf59d8455c51dd vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\HC2Setup.exe"
sh=4AF149084322DBB9BA0198F3A0BF4EAF1437EA38 ft=1 fh=c2f4d7b67b427a0a vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\openfreely_1296.exe"
sh=79274AFC84B8E582B917235D331C935FECC422FD ft=1 fh=6ec544a0c04266dd vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datentransfer_zu_Sony_Vaio\Downloads\Recuva - CHIP-Downloader.exe"
         
Checkup log:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Schach (administrator) on SOKRATES on 24-05-2014 08:52:33
Running from C:\Users\rahel_000\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-10] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1446757697-2309439942-254719417-1002\...\MountPoints2: {a8772377-8618-11e3-824f-806e6f6e6963} - "D:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.2.0.38
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {01EEB4B6-0C7E-4EFA-836B-74AC56DE4CFC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SEJB
SearchScopes: HKCU - {CECE89A5-3192-4691-BDE0-BBAD40157163} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Popular Website Buddy - C:\Users\rahel_000\AppData\Roaming\Mozilla\Firefox\Profiles\u0ghnwd0.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-16] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-29] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140523.001\IDSvia64.sys [525016 2014-03-28] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140523.017\ENG64.SYS [126040 2014-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140523.017\EX64.SYS [2099288 2014-03-29] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-28] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-28] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 08:48 - 2014-05-24 08:48 - 00854367 _____ () C:\Users\rahel_000\Desktop\SecurityCheck.exe
2014-05-24 00:19 - 2014-05-24 00:20 - 02347384 _____ (ESET) C:\Users\rahel_000\Downloads\esetsmartinstaller_deu.exe
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Daedalic Entertainment GmbH
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:32 - 2014-05-22 08:35 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:31 - 2014-05-22 08:32 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:14 - 2014-05-22 08:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 08:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 08:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:53 - 2014-05-21 23:09 - 00000000 ____D () C:\NPE
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:34 - 2014-05-22 08:50 - 00060443 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-21 22:26 - 2014-05-24 08:52 - 00023997 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Desktop\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:14 - 2014-05-21 23:28 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:03 - 2014-05-24 08:52 - 00000000 ____D () C:\FRST
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:17 - 2014-05-21 23:27 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-15 19:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 19:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 19:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 19:43 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 19:43 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 19:43 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 19:43 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 19:43 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 18:38 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 18:38 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 18:38 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 18:38 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 18:38 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 18:38 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 18:38 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 18:38 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 18:38 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 18:38 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 18:38 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 18:38 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 18:38 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 18:38 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 18:38 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 18:38 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 18:38 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 18:38 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 18:38 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 18:37 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 18:37 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:37 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 18:37 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:37 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 18:43 - 2014-05-11 19:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 16:24 - 2014-05-10 18:48 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 18:58 - 2014-05-14 20:15 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:06 - 2013-12-17 09:36 - 29339936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 22104352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15930288 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 15699056 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 13656024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 12947384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 11311392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 01:06 - 2013-12-17 09:36 - 09281544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07721112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 07598080 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 06330064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02971424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02789664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02367776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 02007840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432762.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 01:06 - 2013-12-17 09:36 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:36 - 2014-04-25 17:37 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-25 17:35 - 2014-04-25 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:35 - 2014-04-25 17:44 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-24 13:04 - 2014-04-24 13:51 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur

==================== One Month Modified Files and Folders =======

2014-05-24 08:52 - 2014-05-21 22:26 - 00023997 _____ () C:\Users\rahel_000\Desktop\FRST.txt
2014-05-24 08:52 - 2014-05-21 22:03 - 00000000 ____D () C:\FRST
2014-05-24 08:51 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\ClassicShell
2014-05-24 08:48 - 2014-05-24 08:48 - 00854367 _____ () C:\Users\rahel_000\Desktop\SecurityCheck.exe
2014-05-24 08:15 - 2014-03-30 01:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-24 04:14 - 2014-03-29 22:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1002
2014-05-24 04:10 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-24 00:22 - 2014-01-26 09:20 - 00801394 _____ () C:\Windows\system32\perfh00C.dat
2014-05-24 00:22 - 2014-01-26 09:20 - 00158846 _____ () C:\Windows\system32\perfc00C.dat
2014-05-24 00:22 - 2014-01-26 09:10 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-05-24 00:22 - 2014-01-26 09:10 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-05-24 00:22 - 2013-09-13 23:06 - 02737336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 00:20 - 2014-05-24 00:19 - 02347384 _____ (ESET) C:\Users\rahel_000\Downloads\esetsmartinstaller_deu.exe
2014-05-24 00:19 - 2013-08-22 16:46 - 00020584 _____ () C:\Windows\setupact.log
2014-05-24 00:11 - 2014-03-30 01:44 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\ClassicShell
2014-05-24 00:10 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Adobe
2014-05-22 23:24 - 2014-03-30 01:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-22 23:18 - 2014-01-26 01:52 - 01213945 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 23:16 - 2014-03-30 01:01 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1446757697-2309439942-254719417-1005
2014-05-22 23:15 - 2014-03-30 00:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6EB015A1-94C7-4988-A780-46552CF01F96}
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Daedalic Entertainment GmbH
2014-05-22 22:26 - 2014-05-22 22:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-22 08:50 - 2014-05-21 22:34 - 00060443 _____ () C:\Users\rahel_000\Downloads\FRST.txt
2014-05-22 08:48 - 2014-05-22 08:48 - 00000750 _____ () C:\Users\rahel_000\Desktop\JRT.txt
2014-05-22 08:42 - 2014-05-22 08:42 - 00000000 ____D () C:\Windows\ERUNT
2014-05-22 08:39 - 2014-05-22 08:39 - 01016261 _____ (Thisisu) C:\Users\rahel_000\Downloads\JRT.exe
2014-05-22 08:39 - 2014-05-22 08:39 - 00005871 _____ () C:\Users\rahel_000\Desktop\AdwCleaner[S0].txt
2014-05-22 08:36 - 2013-09-13 23:00 - 00010174 _____ () C:\Windows\PFRO.log
2014-05-22 08:36 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 08:35 - 2014-05-22 08:32 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:32 - 2014-05-22 08:31 - 01326389 _____ () C:\Users\rahel_000\Desktop\adwcleaner_3.210.exe
2014-05-22 08:31 - 2014-05-22 08:31 - 00004566 _____ () C:\Users\rahel_000\Desktop\mbam.txt
2014-05-22 08:29 - 2014-05-22 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 08:13 - 2014-05-22 08:13 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 08:13 - 2014-05-22 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-22 08:11 - 2014-05-22 08:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rahel_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 08:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-22 07:53 - 2014-05-22 07:53 - 00001280 _____ () C:\Users\rahel_000\Desktop\Revo Uninstaller.lnk
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-22 07:52 - 2014-05-22 07:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahel_000\Downloads\revosetup95.exe
2014-05-22 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-21 23:28 - 2014-05-21 22:14 - 00009961 _____ () C:\Users\rahel_000\Desktop\gmer.txt
2014-05-21 23:27 - 2014-05-21 21:17 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\NPE
2014-05-21 23:16 - 2014-04-23 17:41 - 00000000 ____D () C:\Update
2014-05-21 23:09 - 2014-05-21 22:53 - 00000000 ____D () C:\NPE
2014-05-21 23:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-21 23:04 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-21 23:04 - 2014-05-21 23:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 23:04 - 2014-05-21 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00921512 _____ (Oracle Corporation) C:\Users\rahel_000\Downloads\jxpiinstall.exe
2014-05-21 23:02 - 2014-05-21 23:02 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-21 23:02 - 2014-01-26 02:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-05-21 23:02 - 2014-01-26 01:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-21 23:01 - 2014-01-26 09:30 - 00000000 ____D () C:\Program Files\Sony
2014-05-21 23:01 - 2014-01-26 01:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-21 22:56 - 2014-05-21 22:56 - 00980106 _____ () C:\Users\rahel_000\Desktop\Info20140521225334.xml
2014-05-21 22:51 - 2014-05-21 22:51 - 03077584 ____N (Symantec Corporation) C:\Users\rahel_000\Downloads\NPE.exe
2014-05-21 22:35 - 2014-05-21 22:35 - 00045387 _____ () C:\Users\rahel_000\Desktop\Addition.txt
2014-05-21 22:28 - 2014-03-30 02:05 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\HpUpdate
2014-05-21 22:25 - 2014-05-21 22:25 - 02067456 _____ (Farbar) C:\Users\rahel_000\Desktop\FRST64.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00380416 _____ () C:\Users\rahel_000\Downloads\Gmer-19357.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00050477 _____ () C:\Users\rahel_000\Downloads\Defogger.exe
2014-05-21 22:25 - 2014-05-21 22:25 - 00000474 _____ () C:\Users\rahel_000\Desktop\defogger_disable.log
2014-05-21 22:22 - 2014-03-29 22:01 - 00000000 ___RD () C:\Users\rahel_000\SkyDrive
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 22:22 - 2014-03-29 21:57 - 00000000 ___RD () C:\Users\rahel_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-21 22:10 - 2014-03-30 01:50 - 00154112 ___SH () C:\Users\Fuchs\Downloads\Thumbs.db
2014-05-21 22:06 - 2014-05-21 22:06 - 00380416 _____ () C:\Users\Fuchs\Downloads\Gmer-19357.exe
2014-05-21 22:02 - 2014-05-21 22:02 - 02067456 _____ (Farbar) C:\Users\Fuchs\Downloads\FRST64(1).exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00576495 _____ () C:\Users\Fuchs\Downloads\FRST64.exe
2014-05-21 22:00 - 2014-05-21 22:00 - 00000000 _____ () C:\Users\rahel_000\defogger_reenable
2014-05-21 22:00 - 2014-03-29 21:55 - 00000000 ____D () C:\Users\rahel_000
2014-05-21 21:59 - 2014-05-21 21:59 - 00050477 _____ () C:\Users\Fuchs\Downloads\Defogger.exe
2014-05-21 21:18 - 2014-03-29 23:16 - 00000000 ____D () C:\ProgramData\Norton
2014-05-21 21:17 - 2014-05-21 21:17 - 03077584 ____N (Symantec Corporation) C:\Users\Fuchs\Downloads\NPE.exe
2014-05-21 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-21 19:04 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs
2014-05-18 21:12 - 2014-03-29 23:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 02:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\ProgramData\Origin
2014-05-16 23:12 - 2014-03-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-16 21:19 - 2014-05-16 21:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-16 21:19 - 2014-01-26 02:25 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-16 21:18 - 2014-05-16 21:18 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\WildTangent
2014-05-16 21:18 - 2014-01-26 02:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:49 - 2014-03-30 00:56 - 00000000 ___RD () C:\Users\Fuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 01:01 - 2014-05-16 01:01 - 00000000 ____D () C:\5a79d5eb9d2d0944646633
2014-05-16 01:01 - 2014-03-30 00:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:24 - 2014-03-30 03:04 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Apple Computer
2014-05-14 20:15 - 2014-04-28 18:58 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:15 - 2014-03-30 01:25 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-03-30 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-22 08:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 08:13 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 00:57 - 2014-03-30 10:28 - 00000000 ____D () C:\Users\Fuchs\Documents\Französisch
2014-05-11 19:54 - 2014-05-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 14:39 - 2014-03-30 00:56 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Packages
2014-05-10 18:48 - 2014-05-10 16:24 - 00001310 _____ () C:\Users\Public\Desktop\WildStar.lnk
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-05-10 16:24 - 2014-05-10 16:24 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\NCSOFT
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\NCSOFT
2014-05-10 16:11 - 2014-05-10 16:11 - 10527224 _____ (NCSOFT) C:\Users\Fuchs\Downloads\Wildstar(2).exe
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-10 16:07 - 2014-03-30 10:38 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Origin
2014-05-10 16:07 - 2014-03-30 10:37 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Origin
2014-05-07 00:12 - 2014-04-10 21:11 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-06 18:22 - 2014-03-30 13:46 - 00080997 _____ () C:\Windows\DirectX.log
2014-05-06 18:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 06:40 - 2014-05-15 18:37 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 18:37 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 18:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 00:23 - 2014-05-04 00:23 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 15:10 - 2014-05-02 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 13:53 - 2014-05-01 13:53 - 00000000 ____D () C:\Users\Fuchs\AppData\Local\Introversion
2014-04-28 03:08 - 2014-04-28 03:08 - 00000000 ____D () C:\Users\rahel_000\AppData\Local\CrashDumps
2014-04-28 01:28 - 2014-01-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2014-04-28 01:08 - 2014-04-28 01:08 - 00262192 _____ () C:\Windows\Minidump\042814-46328-01.dmp
2014-04-28 01:08 - 2014-04-02 17:52 - 774908773 _____ () C:\Windows\MEMORY.DMP
2014-04-28 01:08 - 2014-04-02 17:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\Windows\system32\NV
2014-04-28 01:08 - 2014-01-26 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 01:03 - 2014-04-28 01:03 - 00003132 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-28 01:03 - 2014-04-28 01:03 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00001992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Schach
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\rahel_000\AppData\Roaming\iolo
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Gast
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-04-28 01:03 - 2014-04-28 01:03 - 00000000 ____D () C:\Users\Administrator
2014-04-28 01:03 - 2014-01-26 01:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-28 01:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-28 01:01 - 2014-01-26 02:35 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-27 00:47 - 2014-03-30 01:52 - 00000000 ____D () C:\Users\Fuchs\AppData\Roaming\Skype
2014-04-25 17:52 - 2014-04-25 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-04-25 17:46 - 2014-04-25 17:46 - 00295656 _____ () C:\Windows\Minidump\042514-35578-01.dmp
2014-04-25 17:44 - 2014-04-25 17:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-04-25 17:43 - 2014-04-25 17:43 - 02143832 _____ () C:\Users\rahel_000\Downloads\instsf449.exe
2014-04-25 17:37 - 2014-04-25 17:36 - 00292104 _____ () C:\Windows\Minidump\042514-36828-01.dmp
2014-04-24 13:51 - 2014-04-24 13:04 - 00000000 ____D () C:\Users\Fuchs\Documents\Matur

Some content of TEMP:
====================
C:\Users\Fuchs\AppData\Local\Temp\COMAP.EXE
C:\Users\Fuchs\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\rahel_000\AppData\Local\Temp\ClassicShellSetup_4_0_4.exe
C:\Users\rahel_000\AppData\Local\Temp\COMAP.EXE
C:\Users\rahel_000\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\rahel_000\AppData\Local\Temp\Quarantine.exe
C:\Users\rahel_000\AppData\Local\Temp\readSTILog.dll
C:\Users\rahel_000\AppData\Local\Temp\sdanircmdc.exe
C:\Users\rahel_000\AppData\Local\Temp\sdapskill.exe
C:\Users\rahel_000\AppData\Local\Temp\sdaspwn.exe
C:\Users\rahel_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfareca00001.dll
C:\Users\rahel_000\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 19:34

==================== End Of Log ============================
         


25.05.2014, 06:17   #6
schrauber
/// the machine
/// TB trainer



Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen




Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.




Done

The order is decisive here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all leftovers of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________

Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

25.05.2014, 21:24   #8
Pandorae

Many thanks for the great help! Everything is done and works wonderfully. Feel free to remove the thread from your subscriptions.

26.05.2014, 19:44   #9
schrauber
/// the machine
/// TB trainer

You're welcome
