Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Fake Telekom Rechnung leider downgeloadet und geöffnet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.11.2014, 18:34   #1
Lions
 
Fake Telekom Rechnung leider downgeloadet und geöffnet - Standard

Fake Telekom Rechnung leider downgeloadet und geöffnet



Hallo ihr lieben guten Leute vom Trojaner-Board,

wir haben aus Versehen eine gefakte Rechnung von der Telekom geöffnet und den Anhang runtergeladen. War ein ZIP-Archiv.
Beim Öffnen des ZIP-Archivs wurde das Öffnen abgelehnt mit dem Hinweis, daß die Datei nicht aus einer Vertrauenswürdigen Quelle kommt. (zum Glück)

Jetzt bin ich aber trotzdem unsicher, ob nicht doch schon irgendetwas auf dem Rechner passiert ist.

Könnt Ihr mir bitte helfen ?

1000 Dank! Lions

Alt 26.11.2014, 18:50   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Fake Telekom Rechnung leider downgeloadet und geöffnet - Standard

Fake Telekom Rechnung leider downgeloadet und geöffnet



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 26.11.2014, 19:08   #3
Lions
 
Fake Telekom Rechnung leider downgeloadet und geöffnet - Standard

Fake Telekom Rechnung leider downgeloadet und geöffnet



#
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Caterina (administrator) on CATERINARAINER on 26-11-2014 19:58:30
Running from C:\Users\Caterina\Desktop
Loaded Profiles: UpdatusUser & Caterina &  (Available profiles: UpdatusUser & Caterina & Internet)
Platform: Windows 8 (X64) OS Language: German (Germany)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(McAfee, Inc.) C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [644656 2013-08-17] (McAfee, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2014-09-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-03] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)
Startup: C:\Users\Caterina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1112274420-4084008991-2802509019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1001 -> DefaultScope {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1001 -> {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1001 -> {6DF86BCA-261F-4365-837E-52CEC9139C85} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6DF86BCA-261F-4365-837E-52CEC9139C85} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002 -> DefaultScope {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002 -> {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002 -> {6DF86BCA-261F-4365-837E-52CEC9139C85} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {69EFC273-27EE-4A94-8E1E-55E8E5A2F60A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
SearchScopes: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6DF86BCA-261F-4365-837E-52CEC9139C85} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Caterina\AppData\Roaming\Mozilla\Firefox\Profiles\1z1vcxdc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1112274420-4084008991-2802509019-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-1112274420-4084008991-2802509019-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2013-01-23] (Broadcom Corporation.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-15] (McAfee, Inc.)
S3 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2782392 2013-12-31] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-15] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2013-01-23] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2014-03-12] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-15] (McAfee, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 19:58 - 2014-11-26 19:59 - 00022480 _____ () C:\Users\Caterina\Desktop\FRST.txt
2014-11-26 19:58 - 2014-11-26 19:58 - 00000000 ____D () C:\FRST
2014-11-26 19:56 - 2014-11-26 19:56 - 02117632 _____ (Farbar) C:\Users\Caterina\Desktop\FRST64.exe
2014-11-25 20:23 - 2014-11-19 08:29 - 00582552 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-25 20:23 - 2014-11-19 08:29 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-24 03:10 - 2014-11-24 03:10 - 00000000 ___RD () C:\Users\Caterina\Documents\HP Photo Creations
2014-11-24 03:10 - 2014-11-24 03:10 - 00000000 ____D () C:\Users\Caterina\AppData\Roaming\Visan
2014-11-24 03:09 - 2014-11-26 19:38 - 00000374 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-24 03:09 - 2014-11-24 03:10 - 00003362 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-11-24 03:09 - 2014-11-24 03:10 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-11-24 03:01 - 2014-11-24 03:03 - 43243600 _____ (HP) C:\Users\Caterina\Downloads\hppc-ics.12992.exe
2014-11-18 19:48 - 2014-11-08 12:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 19:48 - 2014-11-08 12:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 19:48 - 2014-11-08 07:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 19:48 - 2014-11-08 07:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 03:01 - 2014-11-18 03:02 - 44011875 _____ () C:\Users\Caterina\Downloads\catalogo
2014-11-18 01:23 - 2014-11-18 01:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 18:50 - 2014-11-23 22:31 - 00026696 _____ () C:\Users\Caterina\Desktop\10_1 Thermodynamik GG.ods
2014-11-13 18:07 - 2014-11-13 18:23 - 00011991 _____ () C:\Users\Caterina\Desktop\barklays.odt
2014-11-12 22:52 - 2014-11-12 22:52 - 00041289 _____ () C:\Users\Caterina\Downloads\rep08temperatur
2014-11-12 16:39 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:39 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 16:39 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:39 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 16:39 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 16:39 - 2014-09-06 01:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 16:39 - 2014-09-03 03:48 - 00457728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-12 16:39 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-12 16:39 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-12 16:39 - 2014-09-03 03:21 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-12 16:39 - 2014-09-03 03:21 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-12 16:39 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 16:39 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-12 16:39 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 16:39 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-12 16:39 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-12 16:39 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 16:39 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 16:39 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 16:39 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-12 16:39 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-12 16:39 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:39 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:39 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-12 16:38 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:38 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:38 - 2014-10-18 09:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:38 - 2014-10-18 08:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:38 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:38 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 16:38 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 16:38 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:38 - 2014-10-11 08:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-12 16:38 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 16:38 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 16:38 - 2014-10-11 08:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:38 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 16:38 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:38 - 2014-10-11 06:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-12 16:38 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 16:38 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 16:38 - 2014-10-11 06:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:38 - 2014-10-11 06:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:38 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:38 - 2014-10-11 06:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:38 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:38 - 2014-10-02 23:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:38 - 2014-10-02 23:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:38 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 16:38 - 2014-10-02 00:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:37 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:37 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:37 - 2014-10-26 02:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-12 16:37 - 2014-10-26 02:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-12 16:37 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:37 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:37 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:37 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:37 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:37 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:37 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:37 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:37 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:37 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:37 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:37 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:37 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:37 - 2014-10-26 01:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:37 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:37 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:37 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 16:37 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 16:36 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:36 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:36 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:36 - 2014-10-25 22:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-11 18:34 - 2014-11-11 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-11-09 18:53 - 2014-11-09 18:53 - 00012318 _____ () C:\Users\Caterina\Desktop\must_initiate.xlsx
2014-11-05 23:09 - 2014-11-05 23:09 - 01125200 _____ () C:\Users\Caterina\Downloads\PDF24 Creator - CHIP-Installer.exe
2014-11-02 03:03 - 2014-11-03 02:22 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-10-30 21:19 - 2014-10-22 04:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-10-30 21:19 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-30 21:19 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 21:19 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-30 21:19 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-10-30 21:19 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 21:19 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 19:56 - 2013-08-16 04:53 - 00000000 ____D () C:\ProgramData\MOCP
2014-11-26 19:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-26 18:42 - 2014-08-18 22:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 17:49 - 2014-08-18 22:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-26 17:49 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 17:14 - 2014-08-18 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 17:14 - 2013-11-30 18:26 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-25 20:30 - 2013-08-16 03:38 - 01265680 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 20:30 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-24 17:56 - 2013-08-16 04:27 - 00757416 _____ () C:\Windows\system32\perfh007.dat
2014-11-24 17:56 - 2013-08-16 04:27 - 00159916 _____ () C:\Windows\system32\perfc007.dat
2014-11-24 17:56 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 03:10 - 2014-01-13 22:27 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-24 03:09 - 2014-01-13 22:27 - 00000000 ____D () C:\ProgramData\Visan
2014-11-24 00:16 - 2014-07-19 20:42 - 00000000 ____D () C:\Users\Caterina\Desktop\Laura
2014-11-23 22:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-23 17:42 - 2014-02-06 11:43 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-23 17:42 - 2014-02-06 11:43 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-23 09:29 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-21 21:57 - 2014-01-12 15:20 - 00002068 _____ () C:\Windows\Sandboxie.ini
2014-11-20 21:56 - 2014-10-18 22:07 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:56 - 2014-10-18 22:07 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 20:54 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-11-20 20:25 - 2013-10-11 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-20 20:25 - 2012-08-03 03:22 - 00219914 _____ () C:\Windows\PFRO.log
2014-11-18 23:55 - 2014-08-18 22:53 - 00000000 ____D () C:\Users\Caterina\AppData\Local\Adobe
2014-11-18 14:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-17 17:32 - 2013-10-11 18:10 - 00000000 ____D () C:\Users\Caterina\AppData\Roaming\Skype
2014-11-13 19:08 - 2014-10-24 15:33 - 00355384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 19:05 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-13 19:05 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-13 19:05 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-13 19:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-13 19:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 17:21 - 2013-11-11 22:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 17:19 - 2013-11-11 22:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 11:48 - 2014-10-18 22:09 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-10 11:48 - 2013-11-11 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-10 11:48 - 2013-11-11 21:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 11:48 - 2013-08-16 04:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 17:38 - 2014-02-16 10:21 - 00000000 ____D () C:\Users\Caterina\Desktop\TUM
2014-11-03 19:52 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Caterina\Desktop\Mausl
2014-11-02 03:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-10-27 17:34 - 2013-10-11 17:51 - 00000000 ____D () C:\Update

Some content of TEMP:
====================
C:\Users\Caterina\AppData\Local\Temp\avgnt.exe
C:\Users\Caterina\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Caterina\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Caterina\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Caterina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Caterina\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Internet\AppData\Local\Temp\avgnt.exe
C:\Users\TEMP\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 14:26

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


#FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Caterina at 2014-11-26 19:59:34
Running from C:\Users\Caterina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABET II (HKLM-x32\...\InstallShield_{173F186E-4D57-4A31-A9DD-093714B8DDD4}) (Version: 2.14.3833 - Lafayette Instrument Company)
ABET II (x32 Version: 2.14.3833 - Lafayette Instrument Company) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Avogadro (HKLM-x32\...\Avogadro) (Version: 1.1.1 - Humanity)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6201.52 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH)
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{2369F346-79DE-4D08-8999-AACFF6F41A6F}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless NFC-Software (HKLM\...\Intel(R) PROSet/Wireless NFC-Software) (Version: 1.0.1.003 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java(TM) 6 Update 12 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 4.1.2.3 (HKLM-x32\...\{DD3CB916-F91A-41B9-B276-CAC090E91021}) (Version: 4.1.2.3 - The Document Foundation)
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Parental Controls (HKLM-x32\...\MOCP) (Version: 3.2.226.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA Grafiktreiber 311.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.46 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{7D5D56E5-5869-4D0F-8D6C-6291004F9DF2}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.2.00.07040 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.2.00.07040 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1112274420-4084008991-2802509019-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1112274420-4084008991-2802509019-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1112274420-4084008991-2802509019-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1112274420-4084008991-2802509019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1112274420-4084008991-2802509019-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

==================== Restore Points  =========================

09-11-2014 16:21:01 Geplanter Prüfpunkt
18-11-2014 15:26:08 Geplanter Prüfpunkt
25-11-2014 19:28:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {063788AE-D929-4BD7-BE78-56BA40F64535} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {15609E0C-26F3-4E81-B7B2-4449A9FB9461} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {177499DC-E1BC-40F8-B163-F37B3D52433E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {1D40FD7D-4F82-42F8-B7AC-68202664BDA6} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {1F1AF8A4-5CD1-4465-9BF8-56A67B0ABB4A} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {30E625A3-AE40-4DC7-8F71-22A856B39221} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {4318BFF9-B6FE-4033-90E2-1EA584B57890} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {683762F0-85E8-4CA9-89B8-E85E8AF9D540} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {73225BB3-BEFB-4205-95C8-26CCD8EC3218} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {75A5450A-E3A6-44CD-9321-AB0E49820866} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {7782AED5-74E8-45BA-92E8-B6A27FCD72CD} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {78123431-80EF-4211-B3C7-48D8D63FCBFE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8509FE27-2D5B-481A-81F4-396B5CD0EDEF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {865CDB9B-7CA6-4AE4-95DE-EB1FE581F29D} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {908AA828-04DE-4726-B44A-5E6F06656BF5} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {9754E879-81F3-4DA6-89A5-24990619957C} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {9C71AC3D-225E-42E7-A227-8BCF720E0FD3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {9CA1062B-993F-4F12-A251-EC052DEDA7C3} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-11-24] ()
Task: {A12947B0-C517-4E96-A4B6-B931D07E5647} - System32\Tasks\{EB91CE94-8941-4AAD-82BD-AADABCA3B5E2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {A7FCA21B-F914-4338-9420-88D36056BEC5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {B4484E40-0BE4-45E8-B340-3DE8A83C373D} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B4ACBEAB-67F1-4BD9-868B-A5884A4EF8D3} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {C65B0356-31D6-404F-B2D1-1482DE77675F} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {C7109A5B-25FF-4A1C-BA11-82691E13F776} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {D2D4FCF1-7396-4B90-8200-7A91341B0AFA} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {E0D40F25-D709-465F-82DC-EBFA8E451711} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {E6473AFF-1914-4F79-BA4B-B6F19B611FF3} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {F215FC13-1C61-4740-BBBE-1DB571B87375} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {F989DE92-900B-4A9B-AD7F-EA9ADD5BDE09} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2012-12-14 13:27 - 2012-12-14 13:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-03-14 20:21 - 2013-03-14 04:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-16 04:17 - 2013-01-23 10:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-18 01:23 - 2014-11-18 01:23 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1112274420-4084008991-2802509019-500 - Administrator - Disabled)
Caterina (S-1-5-21-1112274420-4084008991-2802509019-1002 - Administrator - Enabled) => C:\Users\Caterina
Gast (S-1-5-21-1112274420-4084008991-2802509019-501 - Limited - Disabled)
Internet (S-1-5-21-1112274420-4084008991-2802509019-1003 - Limited - Enabled) => C:\Users\Internet
UpdatusUser (S-1-5-21-1112274420-4084008991-2802509019-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2014 05:49:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: MCTASK~1.DLL, version: 1.8.115.0, time stamp: 0x52b87993
Exception code: 0x40000015
Fault offset: 0x000000000003d011
Faulting process ID: 0x80c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report ID: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

Error: (11/23/2014 10:32:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.2.3, time stamp: 0x52491c38
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x00023e30
Faulting process ID: 0x14fc
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report ID: soffice.bin3
Faulting package full name: soffice.bin4
Faulting package-relative application ID: soffice.bin5

Error: (11/23/2014 10:12:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.2.3, time stamp: 0x52491c38
Faulting module name: svllo.dll, version: 4.1.2.3, time stamp: 0x52490b8d
Exception code: 0xc0000005
Fault offset: 0x00015e1b
Faulting process ID: 0x6ac
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report ID: soffice.bin3
Faulting package full name: soffice.bin4
Faulting package-relative application ID: soffice.bin5

Error: (11/20/2014 08:56:18 PM) (Source: Intel(R) PROSet/Wireless NFC Software) (EventID: 260) (User: )
Description: HECI-MEI communication failure.

Error: (11/13/2014 10:31:17 PM) (Source: Intel(R) PROSet/Wireless NFC Software) (EventID: 260) (User: )
Description: HECI-MEI communication failure.

Error: (11/10/2014 11:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.2.3, time stamp: 0x52491c38
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x9fc
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report ID: soffice.bin3
Faulting package full name: soffice.bin4
Faulting package-relative application ID: soffice.bin5

Error: (11/08/2014 11:47:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program soffice.bin version 4.1.2.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2edc

Start Time: 01cffb542536e3c1

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\LibreOffice 4\program\soffice.bin

Report Id: 39184ecd-6799-11e4-bf3e-0c84dced9272

Faulting package full name: 

Faulting package-relative application ID:

Error: (11/05/2014 00:21:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.2.3, time stamp: 0x52491c38
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x00023e30
Faulting process ID: 0x1af0
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report ID: soffice.bin3
Faulting package full name: soffice.bin4
Faulting package-relative application ID: soffice.bin5

Error: (11/02/2014 10:42:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.2.3, time stamp: 0x52491c38
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x00023e30
Faulting process ID: 0x1724
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report ID: soffice.bin3
Faulting package full name: soffice.bin4
Faulting package-relative application ID: soffice.bin5

Error: (10/29/2014 01:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtStackServer.exe, version: 12.0.0.4900, time stamp: 0x50cba3ed
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b4864c
Exception code: 0xc0000374
Fault offset: 0x00000000000e9e99
Faulting process ID: 0x1030
Faulting application start time: 0xBtStackServer.exe0
Faulting application path: BtStackServer.exe1
Faulting module path: BtStackServer.exe2
Report ID: BtStackServer.exe3
Faulting package full name: BtStackServer.exe4
Faulting package-relative application ID: BtStackServer.exe5


System errors:
=============
Error: (11/26/2014 05:52:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error: 
%%268439612

Error: (11/26/2014 05:50:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee PC Task Scheduler Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Neustart des Diensts.

Error: (11/26/2014 05:50:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (11/26/2014 05:49:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:21:17 on ‎26/‎11/‎2014 was unexpected.

Error: (11/23/2014 09:32:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error: 
%%268439612

Error: (11/23/2014 09:29:01 AM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%

Error: (11/23/2014 09:29:01 AM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 Missing or invalid expansion for SystemDrive:  [C0000189]

Error: (11/20/2014 08:28:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service service terminated with the following error: 
%%268439612

Error: (11/20/2014 08:24:44 PM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%

Error: (11/20/2014 08:24:44 PM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 Missing or invalid expansion for SystemDrive:  [C0000189]


Microsoft Office Sessions:
=========================
Error: (11/26/2014 05:49:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeMCTASK~1.DLL1.8.115.052b8799340000015000000000003d01180c01d00998f6db07faC:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exec:\PROGRA~1\mcafeeex\TASKSC~1\MCTASK~1.DLL3f01ece8-758c-11e4-bf46-0c84dced9272

Error: (11/23/2014 10:32:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin4.1.2.352491c38ntdll.dll6.2.9200.1704653b485c4c000000500023e3014fc01d006ff21477b85C:\Program Files (x86)\LibreOffice 4\program\soffice.binC:\Windows\SYSTEM32\ntdll.dll3d220663-7358-11e4-bf45-0c84dced9272

Error: (11/23/2014 10:12:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin4.1.2.352491c38svllo.dll4.1.2.352490b8dc000000500015e1b6ac01d006fafe0aa1afC:\Program Files (x86)\LibreOffice 4\program\soffice.binC:\Program Files (x86)\LibreOffice 4\program\svllo.dlle17283c9-72f0-11e4-bf45-0c84dced9272

Error: (11/20/2014 08:56:18 PM) (Source: Intel(R) PROSet/Wireless NFC Software) (EventID: 260) (User: )
Description: 

Error: (11/13/2014 10:31:17 PM) (Source: Intel(R) PROSet/Wireless NFC Software) (EventID: 260) (User: )
Description: 

Error: (11/10/2014 11:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin4.1.2.352491c38MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd9fc01cffd36ef7865feC:\Program Files (x86)\LibreOffice 4\program\soffice.binC:\Windows\SYSTEM32\MSVCR100.dll4ab31aab-692c-11e4-bf40-0c84dced9272

Error: (11/08/2014 11:47:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: soffice.bin4.1.2.32edc01cffb542536e3c14294967295C:\Program Files (x86)\LibreOffice 4\program\soffice.bin39184ecd-6799-11e4-bf3e-0c84dced9272

Error: (11/05/2014 00:21:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin4.1.2.352491c38ntdll.dll6.2.9200.1704653b485c4c000000500023e301af001cff85493552623C:\Program Files (x86)\LibreOffice 4\program\soffice.binC:\Windows\SYSTEM32\ntdll.dll3d604e7a-6479-11e4-bf3e-0c84dced9272

Error: (11/02/2014 10:42:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin4.1.2.352491c38ntdll.dll6.2.9200.1704653b485c4c000000500023e30172401cff69ecb76b0c3C:\Program Files (x86)\LibreOffice 4\program\soffice.binC:\Windows\SYSTEM32\ntdll.dll2bdc808c-62d9-11e4-bf3e-0c84dced9272

Error: (10/29/2014 01:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtStackServer.exe12.0.0.490050cba3edntdll.dll6.2.9200.1704653b4864cc000037400000000000e9e99103001cff203ccc77648C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Windows\SYSTEM32\ntdll.dll782b0ba8-5f65-11e4-bf3b-0c84dced9272


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 40%
Total physical RAM: 3974.8 MB
Available physical RAM: 2356.75 MB
Total Pagefile: 5574.8 MB
Available Pagefile: 3584.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.04 GB) (Free:378.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 640B1719)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---

Danke Schrauber, daß du Dich meiner annimmst.
Sind das die richtigen zwei files ?
__________________

Alt 27.11.2014, 18:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Fake Telekom Rechnung leider downgeloadet und geöffnet - Standard

Fake Telekom Rechnung leider downgeloadet und geöffnet



sieht gut aus
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.11.2014, 18:53   #5
Lions
 
Fake Telekom Rechnung leider downgeloadet und geöffnet - Standard

Fake Telekom Rechnung leider downgeloadet und geöffnet



Danke Schrauber !

Heißt das, ich muß mir keine Sorgen machen ?
Und ich hab mir doch nichts eingefangen mit dem Öffnen dieser Email ?
Ist alles sauber ?


Alt 28.11.2014, 17:08   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Fake Telekom Rechnung leider downgeloadet und geöffnet - Standard

Fake Telekom Rechnung leider downgeloadet und geöffnet



genau, du musst die ZIP schon entpacken und den Inhalt mit Absicht ausführen damit was passiert
__________________
--> Fake Telekom Rechnung leider downgeloadet und geöffnet

Antwort

Themen zu Fake Telekom Rechnung leider downgeloadet und geöffnet
anhang, datei, fake, fehlercode 0x40000015, fehlercode 0xc0000005, fehlercode 0xc0000374, guten, hinweis, irgendetwas, leute, liebe, lieben, quelle, rechner, rechnung, telekom, telekom rechnung, troja, trojaner-board, unsicher, vertrauenswürdige



Ähnliche Themen: Fake Telekom Rechnung leider downgeloadet und geöffnet


  1. Telekom Deutschland - Fake Rechnung 13.11.2014
    Plagegeister aller Art und deren Bekämpfung - 01.12.2014 (21)
  2. Fake Telekom Rechnung geöffnet
    Log-Analyse und Auswertung - 01.12.2014 (29)
  3. Telekom Rechnung geöffnet..
    Plagegeister aller Art und deren Bekämpfung - 24.11.2014 (5)
  4. Telekom Rechnung auf Firmen-PC geöffnet
    Plagegeister aller Art und deren Bekämpfung - 24.11.2014 (1)
  5. Telekom Fake-Rechnung: Anhang geöffnet
    Log-Analyse und Auswertung - 17.11.2014 (7)
  6. Telekom Fake Rechnung geöffnet!
    Log-Analyse und Auswertung - 27.07.2014 (19)
  7. Windows 7: Anhang in Fake Telekom-Mail (Rechnung) geöffnet - Trojaner TR/Kryptik.vnyz gefunden
    Log-Analyse und Auswertung - 06.07.2014 (9)
  8. Trojaner durch Telekom-Rechnung-Fake eingefangen?
    Log-Analyse und Auswertung - 29.06.2014 (12)
  9. eventuell vodafone fake rechnung geöffnet
    Plagegeister aller Art und deren Bekämpfung - 19.06.2014 (13)
  10. Nach fake Telekom Rechnung, Onlinebanking gesperrt!
    Log-Analyse und Auswertung - 10.06.2014 (7)
  11. Email von Telekom mit Rechnung.pdf.exe geöffnet
    Plagegeister aller Art und deren Bekämpfung - 09.06.2014 (4)
  12. Fake Vodafone-Rechnung Link geöffnet
    Plagegeister aller Art und deren Bekämpfung - 21.01.2014 (3)
  13. Win 7: Anhang von Fake Telekom-Rechnung geöffnet. Trojanerinfektion
    Log-Analyse und Auswertung - 19.01.2014 (9)
  14. Anhang von Fake-Rechnung geöffnet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (2)
  15. Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms
    Log-Analyse und Auswertung - 15.03.2013 (15)
  16. Fake Vodafone Rechnung PDF geöffnet. Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (3)
  17. 1&1 Telekom PDF leider geöffnet
    Log-Analyse und Auswertung - 29.10.2012 (7)

Zum Thema Fake Telekom Rechnung leider downgeloadet und geöffnet - Hallo ihr lieben guten Leute vom Trojaner-Board, wir haben aus Versehen eine gefakte Rechnung von der Telekom geöffnet und den Anhang runtergeladen. War ein ZIP-Archiv. Beim Öffnen des ZIP-Archivs wurde - Fake Telekom Rechnung leider downgeloadet und geöffnet...
Archiv
Du betrachtest: Fake Telekom Rechnung leider downgeloadet und geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.