| Log Analysis and Evaluation: Download Protect 2.2.1 in Chrome and Firefox! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
10.06.2014, 12:28 | #1 |
| Download Protect 2.2.1 in Chrome and Firefox! Hello, I have been struggling with this problem for a really long time. I am actually a very "forum-shy" person, but I want to get rid of this Download Protector, because I don't dare to make bank transfers while it is there, and I would also like to have it simply gone anyway. I have already tried CCleaner and AdwCleaner, but unfortunately no found logs any more. Kind regards |
10.06.2014, 12:35 | #2 |
/// the machine /// TB Trainer | Download Protect 2.2.1 in Chrome and Firefox! Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
10.06.2014, 19:42 | #3 |
| Download Protect 2.2.1 in Chrome and Firefox! Hello,
FRST.txt: FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014 Ran by Heidi (administrator) on HEIDI-VAIO on 10-06-2014 20:28:00 Running from C:\Users\Heidi\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe ( ) C:\Windows\System32\lxeccoms.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE () C:\Windows\System32\apj-ms-win-core-threadpool-l1-1-0.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ArcSoft, Inc.) 
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2010-05-17] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2010-05-17] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-16] () HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: E - E:\MMMTest.EXE HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: F - F:\LaunchU3.exe -a HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8f82-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8f96-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8faa-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8fb1-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ncr 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {28BA7757-8D17-4408-9582-9F0000017ED2} URL = hxxp://rover.ebay.com/rover/1/5221-29898-16445-25/4?satitle={searchTerms} SearchScopes: HKCU - {69ACE9E3-9C20-425B-BBCE-94538B13CB86} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {731DAB18-8BC1-4C5A-8569-6D53985113BE} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 api.crashtastic.com Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\sbvdaeyk.default FF NewTab: www.google.at FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{E517FE61-18F7-44B3-B2B8-1952CA70625B}] - C:\Windows\Installer\{2C895DE0-80D5-4169-9A73-51BC916A86FD}\{E517FE61-18F7-44B3-B2B8-1952CA70625B}.xpi FF Extension: Download Protect - C:\Windows\Installer\{2C895DE0-80D5-4169-9A73-51BC916A86FD}\{E517FE61-18F7-44B3-B2B8-1952CA70625B}.xpi [2014-06-10] Chrome: ======= CHR HomePage: hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=HP_ss&mntrId=88c34e400000000000000024213b4a32 CHR StartupUrls: "hxxp://www.youtube.com/", "https://www.google.at/" CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de CHR DefaultNewTabURL: hxxp://www.google.de/?hl=de&gl=de CHR Extension: (Battlefield Heroes) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-28] CHR Extension: (AdBlock) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-22] CHR Extension: (Download Protect) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\giikjkhipielbmkkihhfidicgpbibona [2014-06-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed] S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.) R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( ) R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( ) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-28] () R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 sfc64; C:\Windows\system32\apj-ms-win-core-threadpool-l1-1-0.exe [106496 2012-07-23] () [File not signed] R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-12-26] (MCCI Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-10 20:28 - 2014-06-10 20:28 - 00017697 _____ () C:\Users\Heidi\Downloads\FRST.txt 2014-06-10 20:20 - 2014-06-10 20:20 - 02080768 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe 2014-06-10 12:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-10 12:41 - 2014-06-10 12:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\Heidi\Downloads\AdwCleaner - CHIP-Installer.exe 2014-06-10 12:24 - 2014-06-10 13:09 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\JAM Software 2014-06-10 12:24 - 2014-06-10 12:24 - 05126408 _____ (JAM Software ) C:\Users\Heidi\Downloads\UltraSearch-x64-Setup.exe 2014-06-05 20:19 - 2014-06-05 20:19 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-05 20:19 - 2014-06-05 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-02 21:28 - 2014-06-02 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 21:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-02 21:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-02 21:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 23:02 - 2014-05-29 20:28 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-28 23:01 - 2014-05-28 23:01 - 00000000 ____D () C:\Users\Heidi\AppData\Local\PunkBuster 2014-05-28 23:00 - 2014-05-29 16:05 - 00000000 ____D () 
C:\Users\Heidi\Documents\Battlefield Heroes 2014-05-28 20:09 - 2014-05-29 20:28 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-28 20:09 - 2014-05-29 18:00 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-28 20:09 - 2014-05-28 23:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games 2014-05-28 19:57 - 2014-05-28 19:57 - 00000000 ____D () C:\Program Files (x86)\EA Games 2014-05-25 13:45 - 2014-05-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-22 17:48 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-22 17:48 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-22 17:48 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-22 17:48 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-22 17:48 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-22 17:48 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard 2014-05-19 11:07 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-19 11:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-19 11:06 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-19 11:06 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-19 11:04 - 2014-05-29 10:03 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-05-19 11:04 - 2014-05-19 11:04 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 
2014-05-19 11:04 - 2014-05-19 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-05-19 11:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-19 11:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-19 11:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-19 11:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-19 11:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-19 11:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-19 11:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-19 11:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-19 11:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-19 11:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-19 11:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-19 
11:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-19 11:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-19 11:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-19 11:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-19 11:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-19 
11:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-19 11:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-19 11:03 - 2014-05-19 11:03 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard Entertainment 2014-05-19 11:02 - 2014-06-08 13:24 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Battle.net 2014-05-19 11:02 - 2014-06-02 16:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-05-19 11:02 - 2014-05-19 12:13 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Battle.net 2014-05-19 11:02 - 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-05-19 11:02 - 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-05-19 11:01 - 2014-05-19 11:01 - 00000000 ____D () C:\ProgramData\Battle.net 2014-05-19 11:00 - 2014-05-19 11:01 - 03099552 _____ (Blizzard Entertainment) C:\Users\Heidi\Downloads\Hearthstone-Setup-deDE.exe ==================== One Month Modified Files and Folders ======= 2014-06-10 20:28 - 2014-06-10 20:28 - 00017697 _____ () C:\Users\Heidi\Downloads\FRST.txt 2014-06-10 20:28 - 2014-03-30 00:11 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-10 20:28 - 2014-03-29 23:49 - 00000000 ____D () C:\FRST 2014-06-10 20:28 - 2011-10-14 06:59 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Temp 2014-06-10 20:25 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Skype 
2014-06-10 20:20 - 2014-06-10 20:20 - 02080768 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe 2014-06-10 20:19 - 2013-07-09 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-10 19:05 - 2014-03-30 11:55 - 00000000 ____D () C:\Users\Heidi\Desktop\beni 2014-06-10 15:51 - 2011-10-14 01:24 - 00714910 _____ () C:\Windows\system32\perfh007.dat 2014-06-10 15:51 - 2011-10-14 01:24 - 00154704 _____ () C:\Windows\system32\perfc007.dat 2014-06-10 15:51 - 2009-07-14 07:13 - 01651144 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-10 15:47 - 2011-10-14 00:29 - 01414168 _____ () C:\Windows\WindowsUpdate.log 2014-06-10 13:15 - 2013-03-16 21:06 - 00000000 ____D () C:\Users\Heidi\AppData\Local\PMB Files 2014-06-10 13:09 - 2014-06-10 12:24 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\JAM Software 2014-06-10 12:58 - 2013-02-27 20:08 - 00786944 ___SH () C:\Users\Heidi\Desktop\Thumbs.db 2014-06-10 12:52 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-10 12:52 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-10 12:46 - 2014-03-26 21:04 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-06-10 12:44 - 2014-03-30 11:42 - 00010842 _____ () C:\Windows\PFRO.log 2014-06-10 12:44 - 2014-03-30 06:22 - 00004452 _____ () C:\Windows\setupact.log 2014-06-10 12:44 - 2014-03-30 00:11 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-10 12:44 - 2011-10-26 12:37 - 00049982 _____ () C:\ProgramData\lxecscan.log 2014-06-10 12:44 - 2011-10-14 07:02 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E21231D-E68B-45E0-BB93-49A6A54AF769} 2014-06-10 12:44 - 2011-10-14 00:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-10 12:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-10 12:43 - 
2014-03-29 23:04 - 00000000 ____D () C:\AdwCleaner 2014-06-10 12:43 - 2011-10-14 06:59 - 00000000 ____D () C:\Users\Heidi 2014-06-10 12:41 - 2014-06-10 12:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\Heidi\Downloads\AdwCleaner - CHIP-Installer.exe 2014-06-10 12:24 - 2014-06-10 12:24 - 05126408 _____ (JAM Software ) C:\Users\Heidi\Downloads\UltraSearch-x64-Setup.exe 2014-06-10 12:01 - 2013-03-16 21:06 - 00000000 ____D () C:\ProgramData\PMB Files 2014-06-08 13:24 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Battle.net 2014-06-07 23:27 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\Heidi\AppData\Local\CrashDumps 2014-06-05 20:19 - 2014-06-05 20:19 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-05 20:19 - 2014-06-05 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-02 21:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-06-02 21:29 - 2014-06-02 21:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 19:00 - 2014-04-28 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-02 19:00 - 2011-10-14 01:11 - 00000000 ____D () C:\ProgramData\Skype 2014-06-02 17:38 - 2012-04-05 15:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-06-02 16:24 - 2014-05-19 11:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-05-29 20:28 - 2014-05-28 23:02 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-29 20:28 - 2014-05-28 20:09 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-29 18:00 - 2014-05-28 20:09 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-29 16:05 - 2014-05-28 23:00 - 00000000 ____D () C:\Users\Heidi\Documents\Battlefield Heroes 2014-05-29 10:03 - 2014-05-19 11:04 - 
00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-05-28 23:07 - 2014-05-28 20:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-28 23:01 - 2014-05-28 23:01 - 00000000 ____D () C:\Users\Heidi\AppData\Local\PunkBuster 2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games 2014-05-28 19:57 - 2014-05-28 19:57 - 00000000 ____D () C:\Program Files (x86)\EA Games 2014-05-28 14:06 - 2013-05-08 17:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-25 13:45 - 2014-05-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-25 13:29 - 2011-10-26 12:42 - 00000000 ____D () C:\ProgramData\Lx_cats 2014-05-24 21:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-24 08:31 - 2014-03-30 00:12 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-23 21:54 - 2011-10-14 07:02 - 00000000 ___RD () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 21:54 - 2011-10-14 07:02 - 00000000 ___RD () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-23 21:52 - 2014-05-07 20:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-22 17:41 - 2013-07-12 13:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-22 17:41 - 2012-08-11 17:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-19 12:13 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Battle.net 2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard 2014-05-19 11:04 - 2014-05-19 11:04 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-05-19 11:04 - 2014-05-19 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-05-19 11:03 - 2014-05-19 11:03 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard Entertainment 2014-05-19 11:02 
- 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-05-19 11:02 - 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-05-19 11:01 - 2014-05-19 11:01 - 00000000 ____D () C:\ProgramData\Battle.net 2014-05-19 11:01 - 2014-05-19 11:00 - 03099552 _____ (Blizzard Entertainment) C:\Users\Heidi\Downloads\Hearthstone-Setup-deDE.exe 2014-05-14 21:19 - 2013-07-09 16:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 21:19 - 2013-07-09 16:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 21:19 - 2013-07-09 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-06-02 21:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-02 21:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-02 21:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 09:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports Files to move or delete: ==================== C:\Users\Heidi\jagex_cl_runescape_LIVE.dat C:\Users\Heidi\jagex_cl_runescape_LIVE1.dat C:\Users\Heidi\random.dat Some content of TEMP: ==================== C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed 
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 15:42

==================== End Of Log ============================

addition.txt : FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Heidi (administrator) on HEIDI-VAIO on 10-06-2014 20:28:00
Running from C:\Users\Heidi\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
( ) C:\Windows\System32\lxeccoms.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Windows\System32\apj-ms-win-core-threadpool-l1-1-0.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ArcSoft, Inc.) 
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2010-05-17] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2010-05-17] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-16] () HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: E - E:\MMMTest.EXE HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: F - F:\LaunchU3.exe -a HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8f82-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8f96-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8faa-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe HKU\S-1-5-21-926935795-3690016459-2939710526-1000\...\MountPoints2: {253f8fb1-8b16-11e2-81da-78843ce0f9a6} - E:\AutoRun.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ncr 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {28BA7757-8D17-4408-9582-9F0000017ED2} URL = hxxp://rover.ebay.com/rover/1/5221-29898-16445-25/4?satitle={searchTerms} SearchScopes: HKCU - {69ACE9E3-9C20-425B-BBCE-94538B13CB86} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {731DAB18-8BC1-4C5A-8569-6D53985113BE} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 api.crashtastic.com Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\sbvdaeyk.default FF NewTab: www.google.at FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{E517FE61-18F7-44B3-B2B8-1952CA70625B}] - C:\Windows\Installer\{2C895DE0-80D5-4169-9A73-51BC916A86FD}\{E517FE61-18F7-44B3-B2B8-1952CA70625B}.xpi FF Extension: Download Protect - C:\Windows\Installer\{2C895DE0-80D5-4169-9A73-51BC916A86FD}\{E517FE61-18F7-44B3-B2B8-1952CA70625B}.xpi [2014-06-10] Chrome: ======= CHR HomePage: hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=HP_ss&mntrId=88c34e400000000000000024213b4a32 CHR StartupUrls: "hxxp://www.youtube.com/", "https://www.google.at/" CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de CHR DefaultNewTabURL: hxxp://www.google.de/?hl=de&gl=de CHR Extension: (Battlefield Heroes) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-28] CHR Extension: (AdBlock) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-22] CHR Extension: (Download Protect) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\giikjkhipielbmkkihhfidicgpbibona [2014-06-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed] S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.) R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( ) R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( ) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-28] () R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 sfc64; C:\Windows\system32\apj-ms-win-core-threadpool-l1-1-0.exe [106496 2012-07-23] () [File not signed] R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-12-26] (MCCI Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-10 20:28 - 2014-06-10 20:28 - 00017697 _____ () C:\Users\Heidi\Downloads\FRST.txt 2014-06-10 20:20 - 2014-06-10 20:20 - 02080768 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe 2014-06-10 12:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-10 12:41 - 2014-06-10 12:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\Heidi\Downloads\AdwCleaner - CHIP-Installer.exe 2014-06-10 12:24 - 2014-06-10 13:09 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\JAM Software 2014-06-10 12:24 - 2014-06-10 12:24 - 05126408 _____ (JAM Software ) C:\Users\Heidi\Downloads\UltraSearch-x64-Setup.exe 2014-06-05 20:19 - 2014-06-05 20:19 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-05 20:19 - 2014-06-05 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-02 21:28 - 2014-06-02 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 21:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-02 21:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-02 21:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 23:02 - 2014-05-29 20:28 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-28 23:01 - 2014-05-28 23:01 - 00000000 ____D () C:\Users\Heidi\AppData\Local\PunkBuster 2014-05-28 23:00 - 2014-05-29 16:05 - 00000000 ____D () 
C:\Users\Heidi\Documents\Battlefield Heroes 2014-05-28 20:09 - 2014-05-29 20:28 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-28 20:09 - 2014-05-29 18:00 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-28 20:09 - 2014-05-28 23:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games 2014-05-28 19:57 - 2014-05-28 19:57 - 00000000 ____D () C:\Program Files (x86)\EA Games 2014-05-25 13:45 - 2014-05-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-22 17:48 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-22 17:48 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-22 17:48 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-22 17:48 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-22 17:48 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-22 17:48 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard 2014-05-19 11:07 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-19 11:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-19 11:06 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-19 11:06 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-19 11:04 - 2014-05-29 10:03 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-05-19 11:04 - 2014-05-19 11:04 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 
2014-05-19 11:04 - 2014-05-19 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-05-19 11:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-19 11:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-19 11:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-19 11:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-19 11:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-19 11:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-19 11:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-19 11:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-19 11:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-19 11:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-19 11:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-19 11:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-19 
11:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-19 11:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-19 11:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-19 11:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-19 11:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-19 11:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-19 
11:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-19 11:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-19 11:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-19 11:03 - 2014-05-19 11:03 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard Entertainment 2014-05-19 11:02 - 2014-06-08 13:24 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Battle.net 2014-05-19 11:02 - 2014-06-02 16:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-05-19 11:02 - 2014-05-19 12:13 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Battle.net 2014-05-19 11:02 - 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-05-19 11:02 - 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-05-19 11:01 - 2014-05-19 11:01 - 00000000 ____D () C:\ProgramData\Battle.net 2014-05-19 11:00 - 2014-05-19 11:01 - 03099552 _____ (Blizzard Entertainment) C:\Users\Heidi\Downloads\Hearthstone-Setup-deDE.exe ==================== One Month Modified Files and Folders ======= 2014-06-10 20:28 - 2014-06-10 20:28 - 00017697 _____ () C:\Users\Heidi\Downloads\FRST.txt 2014-06-10 20:28 - 2014-03-30 00:11 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-10 20:28 - 2014-03-29 23:49 - 00000000 ____D () C:\FRST 2014-06-10 20:28 - 2011-10-14 06:59 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Temp 2014-06-10 20:25 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Skype 
2014-06-10 20:20 - 2014-06-10 20:20 - 02080768 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe 2014-06-10 20:19 - 2013-07-09 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-10 19:05 - 2014-03-30 11:55 - 00000000 ____D () C:\Users\Heidi\Desktop\beni 2014-06-10 15:51 - 2011-10-14 01:24 - 00714910 _____ () C:\Windows\system32\perfh007.dat 2014-06-10 15:51 - 2011-10-14 01:24 - 00154704 _____ () C:\Windows\system32\perfc007.dat 2014-06-10 15:51 - 2009-07-14 07:13 - 01651144 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-10 15:47 - 2011-10-14 00:29 - 01414168 _____ () C:\Windows\WindowsUpdate.log 2014-06-10 13:15 - 2013-03-16 21:06 - 00000000 ____D () C:\Users\Heidi\AppData\Local\PMB Files 2014-06-10 13:09 - 2014-06-10 12:24 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\JAM Software 2014-06-10 12:58 - 2013-02-27 20:08 - 00786944 ___SH () C:\Users\Heidi\Desktop\Thumbs.db 2014-06-10 12:52 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-10 12:52 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-10 12:46 - 2014-03-26 21:04 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-06-10 12:44 - 2014-03-30 11:42 - 00010842 _____ () C:\Windows\PFRO.log 2014-06-10 12:44 - 2014-03-30 06:22 - 00004452 _____ () C:\Windows\setupact.log 2014-06-10 12:44 - 2014-03-30 00:11 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-10 12:44 - 2011-10-26 12:37 - 00049982 _____ () C:\ProgramData\lxecscan.log 2014-06-10 12:44 - 2011-10-14 07:02 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E21231D-E68B-45E0-BB93-49A6A54AF769} 2014-06-10 12:44 - 2011-10-14 00:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-10 12:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-10 12:43 - 
2014-03-29 23:04 - 00000000 ____D () C:\AdwCleaner 2014-06-10 12:43 - 2011-10-14 06:59 - 00000000 ____D () C:\Users\Heidi 2014-06-10 12:41 - 2014-06-10 12:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\Heidi\Downloads\AdwCleaner - CHIP-Installer.exe 2014-06-10 12:24 - 2014-06-10 12:24 - 05126408 _____ (JAM Software ) C:\Users\Heidi\Downloads\UltraSearch-x64-Setup.exe 2014-06-10 12:01 - 2013-03-16 21:06 - 00000000 ____D () C:\ProgramData\PMB Files 2014-06-08 13:24 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Battle.net 2014-06-07 23:27 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\Heidi\AppData\Local\CrashDumps 2014-06-05 20:19 - 2014-06-05 20:19 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-05 20:19 - 2014-06-05 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-02 21:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-06-02 21:29 - 2014-06-02 21:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-02 19:00 - 2014-04-28 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-02 19:00 - 2011-10-14 01:11 - 00000000 ____D () C:\ProgramData\Skype 2014-06-02 17:38 - 2012-04-05 15:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-06-02 16:24 - 2014-05-19 11:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-05-29 20:28 - 2014-05-28 23:02 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-29 20:28 - 2014-05-28 20:09 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-29 18:00 - 2014-05-28 20:09 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-29 16:05 - 2014-05-28 23:00 - 00000000 ____D () C:\Users\Heidi\Documents\Battlefield Heroes 2014-05-29 10:03 - 2014-05-19 11:04 - 
00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-05-28 23:07 - 2014-05-28 20:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-28 23:01 - 2014-05-28 23:01 - 00000000 ____D () C:\Users\Heidi\AppData\Local\PunkBuster 2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games 2014-05-28 19:57 - 2014-05-28 19:57 - 00000000 ____D () C:\Program Files (x86)\EA Games 2014-05-28 14:06 - 2013-05-08 17:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-25 13:45 - 2014-05-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-25 13:29 - 2011-10-26 12:42 - 00000000 ____D () C:\ProgramData\Lx_cats 2014-05-24 21:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-24 08:31 - 2014-03-30 00:12 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-23 21:54 - 2011-10-14 07:02 - 00000000 ___RD () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-23 21:54 - 2011-10-14 07:02 - 00000000 ___RD () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-23 21:52 - 2014-05-07 20:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-22 17:41 - 2013-07-12 13:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-22 17:41 - 2012-08-11 17:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-19 12:13 - 2014-05-19 11:02 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Battle.net 2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard 2014-05-19 11:04 - 2014-05-19 11:04 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-05-19 11:04 - 2014-05-19 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-05-19 11:03 - 2014-05-19 11:03 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Blizzard Entertainment 2014-05-19 11:02 
- 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-05-19 11:02 - 2014-05-19 11:02 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-05-19 11:01 - 2014-05-19 11:01 - 00000000 ____D () C:\ProgramData\Battle.net 2014-05-19 11:01 - 2014-05-19 11:00 - 03099552 _____ (Blizzard Entertainment) C:\Users\Heidi\Downloads\Hearthstone-Setup-deDE.exe 2014-05-14 21:19 - 2013-07-09 16:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 21:19 - 2013-07-09 16:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 21:19 - 2013-07-09 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-06-02 21:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-02 21:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-02 21:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 09:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports Files to move or delete: ==================== C:\Users\Heidi\jagex_cl_runescape_LIVE.dat C:\Users\Heidi\jagex_cl_runescape_LIVE1.dat C:\Users\Heidi\random.dat Some content of TEMP: ==================== C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed 
C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-10 15:42 ==================== End Of Log ============================
I'm not familiar with this, but the two txt files seem to be very similar; the Addition.txt is hopefully the file that opens after the scan. Otherwise, unfortunately, it isn't there. |
11.06.2014, 09:45 | #4 |
/// the machine /// TB Trainer | Download Protect 2.2.1 in Chrome and Firefox! Two files open during the scan. If not, open FRST, tick the Addition box and scan; now please post the Addition.txt.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |