|
Plagegeister aller Art und deren Bekämpfung: Habe Zombie News auf meinem Laptop.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.12.2014, 13:30 | #1 |
| Habe Zombie News auf meinem Laptop. Hallo! Ich habe seid gestern ein Virus auf meinem Laptop und wusste erst nicht welches es war, bis ich Zombie News entdeckt habe. Ich habe versucht zu deinstallieren aber es hat nicht funktioniert, also habe ich Avast laufen lassen und danach Adwcleaner runtergeladen damit er das Problem beseitigt. Zombie News ist jetzt zwar aus meiner Systemsteuerung verschwunden aber die Werbung und all das ist geblieben, wie kriege ich den Virus vollständig weg? danke im Voraus. |
28.12.2014, 14:18 | #2 |
/// the machine /// TB-Ausbilder | Habe Zombie News auf meinem Laptop. hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
28.12.2014, 14:27 | #3 |
| Habe Zombie News auf meinem Laptop.FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014 Ran by derya (administrator) on VAIO on 28-12-2014 13:38:07 Running from C:\Users\derya\Downloads Loaded Profile: derya (Available profiles: derya) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ClickCaption) C:\Program Files (x86)\ClickCaption_1.10.0.5\Service\ccsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Time Lapse Solutions) C:\ProgramData\qFcAZf\txBLYva.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Sony Corporation) C:\Program Files\Sony\Store App Support Utility\StoreAppSupportUtility.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Spotify Ltd) C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\derya\AppData\Roaming\Spotify\spotify.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe () C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe () C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe () C:\Users\derya\AppData\Local\Installer\Installcr_1672\DCytdieamo_amodc_setup.exe () C:\Users\derya\AppData\Local\Installer\Installiwebar_2898\DCytdieamo_amodc_setup.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.) HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-28] ( (Atheros Communications)) HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [Spotify Web Helper] => C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd) HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [Facebook Update] => C:\Users\derya\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-15] (Facebook Inc.) HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [Spotify] => C:\Users\derya\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-12] (Spotify Ltd) HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22059616 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Run: [clicup] => C:\Users\derya\AppData\Local\clicup\chrmndr.exe HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\RunOnce: [Adobe Speed Launcher] => 1419768449 AppInit_DLLs-x32: c:/progra~3/{207cc~1/171~1.0/coca.dll => "c:/progra~3/{207cc~1/171~1.0/coca.dll" File Not Found ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File CHR HKU\S-1-5-21-525407912-4045976023-3324896752-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-525407912-4045976023-3324896752-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-525407912-4045976023-3324896752-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKU\S-1-5-21-525407912-4045976023-3324896752-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-525407912-4045976023-3324896752-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-525407912-4045976023-3324896752-1001 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3317933&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP19D799BD-0E53-4817-90FC-12E417B156BA&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-525407912-4045976023-3324896752-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKU\S-1-5-21-525407912-4045976023-3324896752-1001 -> {41BF22B3-42E4-462A-AC43-B242D2572D61} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q312&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-525407912-4045976023-3324896752-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-525407912-4045976023-3324896752-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: DizzyDing 1.0.0.6 -> {b57f3d1b-2f97-4686-b2dd-f2bc1ac645e2} -> C:\Program Files (x86)\DizzyDing\DizzyDingbho.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-525407912-4045976023-3324896752-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\derya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-525407912-4045976023-3324896752-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\derya\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-525407912-4045976023-3324896752-1001: electronicarts.com/GameFacePlugin -> C:\Users\derya\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1419695780&from=pcs&uid=HitachiXHTS543232A7A384_E20342BL1Y880P1Y880PX CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\derya\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\derya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28] CHR StartMenuInternet: Google Chrome - chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-28] (Windows (R) Win 7 DDK provider) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-26] (AVAST Software) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ccsvc_1.10.0.5; C:\Program Files (x86)\ClickCaption_1.10.0.5\Service\ccsvc.exe [277584 2014-12-12] (ClickCaption) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-12-28] (Enigma Software Group USA, LLC.) R2 txBLYva; C:\ProgramData\qFcAZf\txBLYva.exe [2726256 2014-12-28] (Time Lapse Solutions) R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-11-07] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-28] (Atheros) [File not signed] S2 Update DizzyDing; "C:\Program Files (x86)\DizzyDing\updateDizzyDing.exe" [X] S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-26] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-26] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-26] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-12-02] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-28] (Qualcomm Atheros) R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428488 2013-11-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-12-28] () S3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-12-27] () R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X] S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X] S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-28 13:38 - 2014-12-28 13:39 - 00025383 _____ () C:\Users\derya\Downloads\FRST.txt 2014-12-28 13:37 - 2014-12-28 13:38 - 00000000 ____D () C:\FRST 2014-12-28 13:37 - 2014-12-28 13:37 - 02122752 _____ (Farbar) C:\Users\derya\Downloads\FRST64.exe 2014-12-28 13:20 - 2014-12-28 13:20 - 01660616 _____ (ESET) C:\Users\derya\Downloads\eset_smart_security_live_installer_.exe 2014-12-28 05:17 - 2014-12-28 05:17 - 00000000 ____D () C:\Users\derya\AppData\Local\CrashRpt 2014-12-28 05:15 - 2014-12-28 13:24 - 00000000 ____D () C:\Users\derya\AppData\Local\ZombieNews 2014-12-28 05:05 - 2014-12-28 05:05 - 00000000 ____D () C:\ProgramData\1078601655 2014-12-28 05:03 - 2014-12-28 05:03 - 02166272 _____ () C:\Users\derya\Desktop\adwcleaner-4.105-en.exe 2014-12-28 05:01 - 2014-12-28 05:01 - 00594184 _____ () C:\Users\derya\Downloads\AdwCleaner.exe 2014-12-28 04:26 - 2014-12-28 05:10 - 00000000 ____D () C:\AdwCleaner 2014-12-28 04:26 - 2014-12-28 04:26 - 02173952 _____ () C:\Users\derya\Downloads\adwcleaner_4.106.exe 2014-12-28 04:25 - 2014-12-28 04:25 - 00689851 _____ () C:\Users\derya\Downloads\trz43EF.tmp 2014-12-28 04:25 - 2014-12-28 04:24 - 00452711 _____ () C:\Users\derya\Downloads\trzCC1E.tmp 2014-12-28 03:56 - 2014-12-28 03:56 - 00000000 _____ () C:\autoexec.bat 2014-12-28 03:55 - 2014-12-28 03:55 - 00000000 ____D () C:\Users\derya\AppData\Roaming\Enigma Software Group 2014-12-28 03:55 - 2014-12-28 03:55 - 00000000 ____D () C:\sh4ldr 2014-12-28 03:54 - 2014-12-28 03:54 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys 2014-12-28 03:54 - 2014-12-28 03:54 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-12-28 03:50 - 2014-12-28 03:50 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\derya\Downloads\SpyHunter-Installer (1).exe 2014-12-28 03:46 - 2014-12-28 03:46 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\derya\Downloads\SpyHunter-Installer.exe 2014-12-28 01:11 - 2014-12-28 01:11 - 00003094 _____ () C:\WINDOWS\System32\Tasks\{020032A9-26C4-4A98-9A29-DD86C745E95E} 2014-12-28 00:57 - 2014-12-28 00:57 - 00000000 ____D () C:\ProgramData\qFcAZf 2014-12-28 00:08 - 2014-12-28 00:08 - 00000203 _____ () C:\Users\derya\Downloads\film.mp4 2014-12-28 00:05 - 2014-12-28 00:10 - 00000000 ____D () C:\Users\derya\AppData\Roaming\vlc 2014-12-28 00:04 - 2014-12-28 13:14 - 00000000 ____D () C:\Program Files\VideoLAN 2014-12-28 00:02 - 2014-12-28 00:02 - 01174352 _____ () C:\Users\derya\Downloads\VLC media player 64 Bit - CHIP-Installer.exe 2014-12-27 23:56 - 2014-12-27 23:56 - 01064056 _____ (Download Manager) C:\Users\derya\Downloads\setup (7).exe 2014-12-27 23:56 - 2014-12-27 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid 2014-12-27 23:56 - 2014-12-27 23:56 - 00000000 ____D () C:\Program Files (x86)\Xvid 2014-12-27 23:56 - 2014-04-08 21:51 - 00706048 _____ () C:\WINDOWS\system32\xvidcore.dll 2014-12-27 23:56 - 2014-04-08 21:51 - 00251392 _____ () C:\WINDOWS\system32\xvidvfw.dll 2014-12-27 23:56 - 2014-04-08 21:51 - 00169984 _____ () C:\WINDOWS\system32\xvid.ax 2014-12-27 23:56 - 2014-04-08 21:50 - 00632320 _____ () C:\WINDOWS\SysWOW64\xvidcore.dll 2014-12-27 23:56 - 2014-04-08 21:50 - 00235520 _____ () C:\WINDOWS\SysWOW64\xvidvfw.dll 2014-12-27 23:56 - 2014-04-08 21:50 - 00147456 _____ () C:\WINDOWS\SysWOW64\xvid.ax 2014-12-27 23:54 - 2014-12-27 23:55 - 11261576 _____ (Xvid Team) C:\Users\derya\Downloads\Xvid-1.3.3-20140407.exe 2014-12-27 23:04 - 2014-12-27 23:04 - 00003122 _____ () C:\WINDOWS\System32\Tasks\USER_ESRV_SVC 2014-12-27 23:04 - 2014-12-27 23:04 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk 2014-12-27 23:04 - 2014-12-27 23:04 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care 2014-12-27 23:02 - 2014-07-01 16:36 - 00000426 _____ () C:\AVScanner.ini 2014-12-27 22:46 - 2014-12-27 22:46 - 00000417 _____ () C:\WINDOWS\SynInst.log 2014-12-27 17:30 - 2014-12-27 17:30 - 00022528 _____ () C:\Users\derya\AppData\Local\trzB80A.tmp 2014-12-27 17:29 - 2014-12-27 17:29 - 00234679 _____ () C:\Users\derya\AppData\Local\dsi1.dat 2014-12-27 17:29 - 2014-12-27 17:29 - 00161916 _____ () C:\Users\derya\AppData\Local\dsi2.dat 2014-12-27 17:29 - 2014-12-27 17:29 - 00022528 _____ () C:\Users\derya\AppData\Local\trz5CBA.tmp 2014-12-27 16:43 - 2014-12-28 05:05 - 00000000 ____D () C:\ProgramData\2355320829 2014-12-27 16:33 - 2014-12-27 16:45 - 00003240 _____ () C:\WINDOWS\System32\Tasks\Super Optimizer Schedule 2014-12-27 16:28 - 2014-12-27 16:28 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.5 2014-12-27 16:15 - 2014-12-27 16:15 - 00000000 ____D () C:\Users\derya\AppData\Local\ContextTrue 2014-12-27 16:13 - 2014-12-27 16:13 - 00000000 ____D () C:\Program Files (x86)\pre_installer_de 2014-12-27 16:12 - 2014-12-27 16:12 - 00004362 _____ () C:\WINDOWS\System32\Tasks\Installer_iwebar 2014-12-27 16:12 - 2014-12-27 16:12 - 00004346 _____ () C:\WINDOWS\System32\Tasks\Installer_cr 2014-12-27 16:06 - 2014-12-27 16:09 - 00574144 _____ () C:\Users\derya\Downloads\DivX.Web.Player.Installer__8420_i1432837035_il29559.exe 2014-12-23 22:55 - 2014-12-23 22:55 - 00000000 ____D () C:\Users\derya\AppData\Roaming\Electronic Arts 2014-12-23 22:48 - 2014-12-23 22:48 - 09091423 _____ (Electronic Arts) C:\Users\derya\Downloads\GameFaceBrowserPluginInstaller.1.8.0.0.exe 2014-12-23 22:45 - 2014-12-23 22:45 - 00000000 ____D () C:\Users\derya\AppData\Local\Unity 2014-12-23 22:44 - 2014-12-23 22:44 - 01080608 _____ (Unity Technologies ApS) C:\Users\derya\Downloads\UnityWebPlayer.exe 2014-12-15 23:33 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 23:33 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-12 00:53 - 2014-12-12 00:53 - 00058232 _____ (ClickCaption) C:\WINDOWS\system32\Drivers\ccnfd_1_10_0_5.sys 2014-12-11 23:40 - 2014-12-11 23:40 - 00072648 _____ () C:\Users\derya\Downloads\FLVPlayer-Chrome.exe 2014-12-10 05:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-10 05:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 05:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-10 05:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-10 04:42 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-10 04:42 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-10 04:42 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-10 04:42 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-10 04:42 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-10 04:42 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-10 04:42 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-10 04:42 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-10 04:42 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-10 04:42 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-10 04:41 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-10 04:41 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-10 04:41 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-10 04:41 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-10 04:41 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-10 04:41 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-10 04:41 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-10 04:41 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-10 04:41 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-10 04:41 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-10 04:41 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-10 04:41 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-10 04:41 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-10 04:41 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-10 04:41 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-10 04:41 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-10 04:41 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-10 04:41 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-10 04:41 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-10 04:41 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-10 04:41 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-10 04:41 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-10 04:41 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-10 04:41 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-10 04:41 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-10 04:41 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-10 04:41 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-10 04:41 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-10 04:41 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-10 04:41 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-10 04:41 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-10 04:41 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-10 04:41 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-10 04:41 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-10 04:41 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-10 04:41 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-10 04:41 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-28 13:39 - 2013-12-25 16:59 - 01647038 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-28 13:32 - 2014-08-16 14:06 - 00005118 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for VAIO-derya VAIO 2014-12-28 13:27 - 2013-04-24 17:15 - 00000000 ____D () C:\Users\derya\AppData\Roaming\Spotify 2014-12-28 13:19 - 2013-04-24 15:47 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-525407912-4045976023-3324896752-1001 2014-12-28 13:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-28 13:11 - 2013-12-25 17:16 - 00000000 ___DO () C:\Users\derya\SkyDrive 2014-12-28 13:09 - 2013-08-12 12:24 - 00000000 ____D () C:\Users\derya\AppData\Local\CrashDumps 2014-12-28 13:07 - 2013-04-24 16:04 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-28 13:07 - 2013-04-24 16:04 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-28 13:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-28 13:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-28 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-28 10:43 - 2014-01-18 15:22 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D59412A2-7DDA-42B5-B436-4BD81043FA2C} 2014-12-28 10:41 - 2013-08-15 00:36 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-525407912-4045976023-3324896752-1001UA.job 2014-12-28 05:11 - 2013-11-13 23:18 - 00095570 _____ () C:\WINDOWS\PFRO.log 2014-12-28 04:32 - 2013-12-25 16:41 - 00000000 ____D () C:\Users\derya 2014-12-28 04:01 - 2013-09-30 22:02 - 00000284 _____ () C:\Users\derya\AppData\Roaming\WB.CFG 2014-12-28 01:48 - 2013-12-25 17:12 - 00001450 _____ () C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-28 01:41 - 2013-08-15 00:36 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-525407912-4045976023-3324896752-1001Core.job 2014-12-27 23:52 - 2013-11-14 08:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-27 23:52 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-27 23:52 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-27 23:50 - 2013-08-22 15:46 - 00292865 _____ () C:\WINDOWS\setupact.log 2014-12-27 23:05 - 2014-01-05 15:09 - 00000000 ____D () C:\Update 2014-12-27 23:04 - 2012-10-31 04:45 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-12-27 23:03 - 2012-10-31 04:17 - 00000000 ____D () C:\Program Files\Sony 2014-12-27 23:02 - 2014-07-01 16:35 - 00000000 ____D () C:\ProgramData\Sony 2014-12-27 23:01 - 2014-03-03 23:01 - 00013792 _____ () C:\WINDOWS\system32\Drivers\semav6thermal64ro.sys 2014-12-27 22:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-27 22:51 - 2013-04-24 16:13 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-12-27 22:45 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-12-27 22:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2014-12-27 22:43 - 2012-10-31 04:29 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-12-27 22:42 - 2013-12-25 16:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2014-12-27 22:42 - 2013-08-22 15:46 - 00002002 _____ () C:\WINDOWS\setuperr.log 2014-12-27 22:42 - 2013-04-24 15:41 - 00000000 ____D () C:\Users\derya\Documents\Bluetooth Folder 2014-12-27 22:38 - 2012-10-31 04:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-27 22:31 - 2013-09-30 21:04 - 00000000 ____D () C:\Program Files\DivX 2014-12-27 22:31 - 2013-09-30 21:02 - 00000000 ____D () C:\ProgramData\DivX 2014-12-27 22:31 - 2013-09-30 21:02 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-12-27 16:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2014-12-27 16:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-27 00:46 - 2013-04-29 20:06 - 00000000 ____D () C:\output 2014-12-26 12:01 - 2014-06-24 19:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-18 20:31 - 2013-04-24 17:15 - 00000000 ____D () C:\Users\derya\AppData\Local\Spotify 2014-12-12 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-12 12:42 - 2012-10-31 05:01 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-12-12 06:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-12 06:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-12 06:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-12 05:52 - 2013-04-26 20:27 - 00000000 ____D () C:\Users\derya\AppData\Roaming\Skype 2014-12-12 04:47 - 2013-08-14 10:01 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-12 04:37 - 2013-04-25 11:22 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-09 00:00 - 2013-10-19 23:24 - 00000000 ____D () C:\Users\derya\Desktop\rachel 2014-12-08 23:47 - 2013-11-10 15:58 - 00000000 ____D () C:\Users\derya\Desktop\antonia 2014-12-08 23:47 - 2013-06-02 12:14 - 00000000 ____D () C:\Users\derya\Desktop\kristen Some content of TEMP: ==================== C:\Users\derya\AppData\Local\Temp\BackupSetup.exe C:\Users\derya\AppData\Local\Temp\DivX.Web.Player.Installer__8420_i1432837035_il29559.exe C:\Users\derya\AppData\Local\Temp\DivXSetup.exe C:\Users\derya\AppData\Local\Temp\dlLogic.exe C:\Users\derya\AppData\Local\Temp\EnableExtDll.dll C:\Users\derya\AppData\Local\Temp\IminentSetup-NewVer_22april.exe C:\Users\derya\AppData\Local\Temp\mp3el2.exe C:\Users\derya\AppData\Local\Temp\nsdABF0.exe C:\Users\derya\AppData\Local\Temp\nsk970F.exe C:\Users\derya\AppData\Local\Temp\nslBC6.exe C:\Users\derya\AppData\Local\Temp\nsmA74C.exe C:\Users\derya\AppData\Local\Temp\nsrF438.exe C:\Users\derya\AppData\Local\Temp\nsvF197.exe C:\Users\derya\AppData\Local\Temp\nsx919F.exe C:\Users\derya\AppData\Local\Temp\nsz741.exe C:\Users\derya\AppData\Local\Temp\openssl.exe C:\Users\derya\AppData\Local\Temp\optprosetup.exe C:\Users\derya\AppData\Local\Temp\prismsetup.exe C:\Users\derya\AppData\Local\Temp\Quarantine.exe C:\Users\derya\AppData\Local\Temp\sdfEC8C.exe C:\Users\derya\AppData\Local\Temp\setup.exe C:\Users\derya\AppData\Local\Temp\SkypeSetup.exe C:\Users\derya\AppData\Local\Temp\sp-downloader.exe C:\Users\derya\AppData\Local\Temp\SPSetup.exe C:\Users\derya\AppData\Local\Temp\sqlite3.dll C:\Users\derya\AppData\Local\Temp\tmd_34018450.exe C:\Users\derya\AppData\Local\Temp\tmp5BB1.exe C:\Users\derya\AppData\Local\Temp\tmp7C2C.exe C:\Users\derya\AppData\Local\Temp\tu17p84.exe C:\Users\derya\AppData\Local\Temp\uninst1.exe C:\Users\derya\AppData\Local\Temp\vcredist_x64.exe C:\Users\derya\AppData\Local\Temp\x264enc5.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-27 21:44 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014 Ran by derya at 2014-12-28 13:40:50 Running from C:\Users\derya\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation) Click Caption 1.10.0.5 (HKLM-x32\...\ClickCaption_1.10.0.5) (Version: 1.10.0.5 - ClickCaption) <==== ATTENTION D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - ) DizzyDing (HKLM\...\DizzyDing) (Version: 2014.12.28.012244 - DizzyDing) <==== ATTENTION! EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.39.604 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.39.604 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.38.530 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.) Free YouTube Uploader version 4.0.12.415 (HKLM-x32\...\Free YouTube Uploader_is1) (Version: 4.0.12.415 - DVDVideoSoft Ltd.) GIF Construction Set Professional 4 (HKLM-x32\...\{2C49CB68-C654-11DF-87E7-FB37E0D72085}) (Version: 4.0.0.32 - Alchemy Mindworks) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - ) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PlayMemories Home (HKLM-x32\...\{4C93E894-BE17-463B-A789-4CAB706987A0}) (Version: 8.0.21.11211 - Sony Corporation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications) Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SOHLib for PlayMemories Home (Version: 1.0.1.11110 - Sony Corporation) Hidden Spotify (HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Store App Support Utility (HKLM\...\{B93C07D4-49FF-440D-8A6A-054A42AEA960}) (Version: 1.0.0.02240 - Sony Corporation) Unity Web Player (HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation) VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation) VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation) VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation) VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11220 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation) VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation) VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.2.11060 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation) VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.33 - NCH Software) VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - Qualcomm Atheros Communications Inc. (athr) Net (07/15/2013 10.0.0.260) (HKLM\...\FF9ECD00DD25FDB7D3208607214790302878ACBE) (Version: 07/15/2013 10.0.0.260 - Qualcomm Atheros Communications Inc.) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-525407912-4045976023-3324896752-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\derya\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 12-12-2014 04:29:53 Windows Update 15-12-2014 23:44:09 Windows Update 19-12-2014 13:16:46 Windows Update 27-12-2014 16:46:15 Konfiguriert PowerDVD ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0277D0EB-1FCA-4404-B67E-17BB559A08C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.) Task: {0731F49B-1010-4A21-9AE4-B61E48C8E301} - System32\Tasks\{FB6262E9-7068-405C-A450-B9728F2BB8F5} => pcalua.exe -a "C:\Program Files (x86)\TuneUp Utilities 2013\TUInstallHelper.exe" -c --Trigger-Uninstall Task: {085C92B0-55B4-40EA-835D-A4FB9745A60B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-525407912-4045976023-3324896752-1001Core => C:\Users\derya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-15] (Facebook Inc.) Task: {10380A9E-0AFC-4137-AA3B-2DA2B739DEEC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {103C9D3C-C9A3-4F6F-947C-E121040F3500} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe Task: {15C1AF22-AC9E-4F26-B43F-B222C1267C87} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation) Task: {1E0375E4-07A1-4ED5-94B0-968B97A56FB7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {1EFB8B5B-455D-4C0B-89DB-5504FE8D9078} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation) Task: {1F1FFBBA-90CC-4110-91BE-20443FC127A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-525407912-4045976023-3324896752-1001UA => C:\Users\derya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-15] (Facebook Inc.) Task: {208EA284-9129-4220-AC20-DECD17117AEF} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation) Task: {20A9711C-2D98-499B-8ADE-D611B1B852AD} - System32\Tasks\{3493F740-68E8-4D96-A9BC-9915693ED156} => Chrome.exe Skype für den Desktop herunterladen Task: {30515C7E-8821-455B-AC8C-10763E97ED4D} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {30D1571D-77C8-45CF-8231-C32756D7EF9B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation) Task: {36138E8C-3A18-473D-8806-FDD9E9C2D8D2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-26] (AVAST Software) Task: {382A6A2C-1543-4B0F-902A-6438E0D63CC7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {3A20C8C1-81FF-4C1D-A3AF-2F928BDC286B} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation) Task: {3D8C2E5D-75DC-4F35-8E4E-E1A663A6ABC0} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {3E206FA7-9F63-4F1A-980B-073987E124E2} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation) Task: {5A5A014D-CE38-4F61-AC21-3961B66D87EF} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {5E630DA0-17C5-4C13-9F17-851C0D3BE452} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {5F209E3C-D722-421C-A133-0745406DD387} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {60629424-97A2-4081-99F9-DD7490111C18} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation) Task: {63596347-2F6F-461D-8B5D-A343882623CC} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation) Task: {63B300D0-95E3-42E5-A1B4-5A1B92D55594} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {65B8C83E-325E-4142-98A7-861A41B70F72} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation) Task: {799D5F8E-5A21-4D17-8D76-6FE11BF7D698} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.) Task: {928B18E9-74B7-49A2-8471-0E86382BDABD} - System32\Tasks\Sony Corporation\Store App Support Utility\Store App Support Utility Logon Start => C:\Program Files\Sony\Store App Support Utility\StoreAppSupportUtility.exe [2014-02-24] (Sony Corporation) Task: {9C7B5036-F1E7-4556-B526-F1D328439260} - System32\Tasks\{020032A9-26C4-4A98-9A29-DD86C745E95E} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1 Task: {ABFECE39-52BB-4950-BF10-E1147C570C58} - System32\Tasks\Microsoft Office 15 Sync Maintenance for VAIO-derya VAIO => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {ADF98700-E3B6-404B-9B4D-93912A2A770D} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {AF481C7C-9140-44AA-A9FE-EBDCADCB80BB} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {B331704E-E23D-4855-838B-B13E1203196E} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {B5C86874-743A-4237-B89F-1341EA83F3F0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {B727B0D7-ED78-4525-B946-B25900572F07} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-525407912-4045976023-3324896752-1001 Task: {C655A850-C846-4C6A-950B-916B1379B583} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {CCD7A2C8-142E-46C6-842B-918AF2F6BD86} - System32\Tasks\Installer_iwebar => C:\Users\derya\AppData\Local\Installer\Installiwebar_2898\DCytdieamo_amodc_setup.exe [2014-12-27] () <==== ATTENTION Task: {D029D07F-4C01-43FA-B737-76A877C6B5AE} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {DB482FAA-2154-4819-8EFC-3013D67F4C6E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation) Task: {DC40A5E6-5F71-46F8-A6C6-7ACFEA600BBC} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {E5471E7F-5260-4A31-89C3-B6DE35C7D4A9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {E89C8FD5-248A-481E-8EB8-8CEC3A3733E4} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-525407912-4045976023-3324896752-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {EAED3A0F-7DB0-4969-A3C0-9D0797120F32} - System32\Tasks\Installer_cr => C:\Users\derya\AppData\Local\Installer\Installcr_1672\DCytdieamo_amodc_setup.exe [2014-12-27] () <==== ATTENTION Task: {EAF10A56-D24A-4B2C-B0D4-0DFF249CA50F} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe Task: {F604E89B-A5EA-4A3F-96E8-B63B639A4090} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-525407912-4045976023-3324896752-1001Core.job => C:\Users\derya\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-525407912-4045976023-3324896752-1001UA.job => C:\Users\derya\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-24 19:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-11-28 21:35 - 2013-11-28 21:35 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-11-28 21:32 - 2013-11-28 21:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-11-28 21:38 - 2013-11-28 21:38 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-11-28 21:38 - 2013-11-28 21:38 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2013-11-28 21:28 - 2013-11-28 21:28 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2013-09-24 13:06 - 2014-12-12 12:31 - 00374840 _____ () C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2014-12-27 16:12 - 2014-12-27 16:12 - 01185664 _____ () C:\Users\derya\AppData\Local\Installer\Installcr_1672\DCytdieamo_amodc_setup.exe 2014-12-27 16:12 - 2014-12-27 16:12 - 01185664 _____ () C:\Users\derya\AppData\Local\Installer\Installiwebar_2898\DCytdieamo_amodc_setup.exe 2014-12-28 10:43 - 2014-12-28 10:43 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122800\algo.dll 2013-04-24 17:15 - 2014-12-12 12:31 - 36966968 _____ () C:\Users\derya\AppData\Roaming\Spotify\Data\libcef.dll 2013-11-30 18:52 - 2013-11-30 18:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-07-08 15:54 - 2014-12-12 12:31 - 00867896 _____ () C:\Users\derya\AppData\Roaming\Spotify\Data\ffmpegsumo.dll 2013-09-24 13:06 - 2014-12-12 12:31 - 00886840 _____ () C:\Users\derya\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-09-24 13:06 - 2014-12-12 12:31 - 00108600 _____ () C:\Users\derya\AppData\Roaming\Spotify\Data\libegl.dll 2012-10-31 04:36 - 2012-08-06 18:54 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-11-14 13:46 - 2014-11-14 13:46 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\derya\SkyDrive:ms-properties AlternateDataStreams: C:\Users\derya\Downloads\DivX.Web.Player.Installer__8420_i1432837035_il29559.exe:typelib ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "YTDownloader" HKU\S-1-5-21-525407912-4045976023-3324896752-1001\...\StartupApproved\Run: => "Skype" ========================= Accounts: ========================== Administrator (S-1-5-21-525407912-4045976023-3324896752-500 - Administrator - Disabled) derya (S-1-5-21-525407912-4045976023-3324896752-1001 - Administrator - Enabled) => C:\Users\derya Gast (S-1-5-21-525407912-4045976023-3324896752-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-525407912-4045976023-3324896752-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/28/2014 01:09:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.0.0.8170, Zeitstempel: 0x502ea187 Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x15e8 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (12/28/2014 01:07:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.0.0.8170, Zeitstempel: 0x502ea187 Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x11e4 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (12/28/2014 01:01:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ffafdcdab71 ID des fehlerhaften Prozesses: 0x16b4 Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0 Pfad der fehlerhaften Anwendung: VCAgent.exe1 Pfad des fehlerhaften Moduls: VCAgent.exe2 Berichtskennung: VCAgent.exe3 Vollständiger Name des fehlerhaften Pakets: VCAgent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCAgent.exe5 Error: (12/28/2014 01:01:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VCAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei VCAgent.App.Main() Error: (12/28/2014 05:44:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1368 Startzeit: 01d02258920f59ea Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: 3dd854ec-8e4c-11e4-befd-a41731c9d314 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (12/28/2014 05:14:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.0.0.8170, Zeitstempel: 0x502ea187 Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x15d4 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (12/28/2014 05:13:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.0.0.8170, Zeitstempel: 0x502ea187 Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x1314 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (12/28/2014 05:10:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_DeviceAssociationService, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0d6c ID des fehlerhaften Prozesses: 0x1a8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DeviceAssociationService0 Pfad der fehlerhaften Anwendung: svchost.exe_DeviceAssociationService1 Pfad des fehlerhaften Moduls: svchost.exe_DeviceAssociationService2 Berichtskennung: svchost.exe_DeviceAssociationService3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_DeviceAssociationService4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_DeviceAssociationService5 Error: (12/28/2014 04:37:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.0.0.8170, Zeitstempel: 0x502ea187 Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x11b8 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (12/28/2014 04:35:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.0.0.8170, Zeitstempel: 0x502ea187 Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x6b4 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 System errors: ============= Error: (12/28/2014 01:40:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:23:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:11:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:11:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:11:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:11:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:10:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:10:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:10:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (12/28/2014 01:10:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Microsoft Office Sessions: ========================= Error: (12/28/2014 01:09:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.0.0.8170502ea187SynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0515e801d0229725259bbdC:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL63f7c99e-8e8a-11e4-befe-a41731c9d314 Error: (12/28/2014 01:07:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.0.0.8170502ea187SynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0511e401d02296dd9b4dbfC:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL1de048ce-8e8a-11e4-befe-a41731c9d314 Error: (12/28/2014 01:01:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c000000500007ffafdcdab7116b401d0225583a0c05eC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown32bcaa35-8e89-11e4-befd-a41731c9d314 Error: (12/28/2014 01:01:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VCAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei VCAgent.App.Main() Error: (12/28/2014 05:44:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17031136801d02258920f59ea4294967295C:\WINDOWS\syswow64\wwahost.exe3dd854ec-8e4c-11e4-befd-a41731c9d314Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (12/28/2014 05:14:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.0.0.8170502ea187SynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0515d401d02254cb8baa24C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL09f5f78a-8e48-11e4-befd-a41731c9d314 Error: (12/28/2014 05:13:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.0.0.8170502ea187SynCom.DLL6.3.9600.1727853eeb4a3c000013500098f05131401d022549ed56d94C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLLdff77640-8e47-11e4-befd-a41731c9d314 Error: (12/28/2014 05:10:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_DeviceAssociationService6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c1a801d0224f28067995C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll6cfbf869-8e47-11e4-befc-a41731c9d314 Error: (12/28/2014 04:37:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.0.0.8170502ea187SynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0511b801d0224f94f2b219C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLLd3457086-8e42-11e4-befc-a41731c9d314 Error: (12/28/2014 04:35:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.0.0.8170502ea187SynCom.DLL6.3.9600.1727853eeb4a3c000013500098f056b401d0224f60a6def3C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLLa2891311-8e42-11e4-befc-a41731c9d314 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU B980 @ 2.40GHz Percentage of memory in use: 45% Total physical RAM: 3973.28 MB Available physical RAM: 2184.43 MB Total Pagefile: 6405.28 MB Available Pagefile: 4296.72 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:267.76 GB) (Free:165.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 765EFBF8) Partition: GPT Partition Type. ==================== End Of Log ============================ |
28.12.2014, 19:35 | #4 |
/// the machine /// TB-Ausbilder | Habe Zombie News auf meinem Laptop. Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Habe Zombie News auf meinem Laptop. |
adwcleaner, avast, deinstalliere, deinstallieren, entdeck, entdeckt, funktionier, funktioniert, gestern, kriege, laptop, laufe, laufen, problem, runtergeladen, systems, systemsteuerung, verschwunden, versuch, versucht, virus, vollständig, werbung, zombie, zombie news |