Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Fedpol CH Trojaner, Norton hängt sich auf beim Scanen, langsamer beim Browsen. (https://www.trojaner-board.de/147097-windows-7-fedpol-ch-trojaner-norton-haengt-beim-scanen-langsamer-beim-browsen.html)

amazoenli 01.01.2014 23:06
Windows 7: Fedpol CH Trojaner, Norton hängt sich auf beim Scanen, langsamer beim Browsen.
 
Guten Abend allerseits,

Habe mir gestern den Fedpol-Trojaner CH-Version eingefangen mit Mozilla Firefox, der lief danach nicht mehr. Beim Scanen hat sich Norton immer wieder aufgehängt, kam also nicht zum Ziel. Ich browse jetzt mit Chrome, und hier geht alles. Ich hatte schon vor einem Monat einen Virenbefall, habe jedoch mit Hilfe des abgesicherten Modus und Norton alles wieder in Griff gekriegt, d.h. ich habe das Gefühl, dass ich langsamer browse als früher... Beim Erstellen der logs lief FRST nur im abgesicherten Modus.

So anbei meine logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:01 on 01/01/2014 (Augustus Mobile)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014
Ran by Augustus Mobile (administrator) on AUGUSTUSMOBILE on 01-01-2014 22:15:58
Running from C:\Users\Augustus Mobile\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe [110248 2012-12-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [] - [x]
MountPoints2: {45722467-4bf0-11e1-9d27-00a0c6000000} - E:\AutoRun.exe
MountPoints2: {45722485-4bf0-11e1-9d27-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {4572278d-4bf0-11e1-9d27-00a0c6000000} - D:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {73162d2b-ee55-11e2-9aab-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {73162d3a-ee55-11e2-9aab-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {73162d73-ee55-11e2-9aab-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {8ccd97da-f6d9-11e2-9732-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {8ccd9a22-f6d9-11e2-9732-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {8ccd9a37-f6d9-11e2-9732-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {8ccd9a47-f6d9-11e2-9732-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {8ccd9a55-f6d9-11e2-9732-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {b3414410-0833-11e3-91c9-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {b3414425-0833-11e3-91c9-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {d76e46b3-086e-11e3-9160-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {d76e48b7-086e-11e3-9160-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {d76e48cb-086e-11e3-9160-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {d76e491b-086e-11e3-9160-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {e3387104-0bc0-11e3-9229-00a0c6000000} - D:\AutoRun.exe
MountPoints2: {ea46886b-b687-11e1-97fb-f0bf97e1f19d} - D:\AutoRun.exe
MountPoints2: {ee124d52-a245-11e2-98f0-f0bf97e1f19d} - D:\autorun.exe
Startup: C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw&search={searchTerms}
SearchScopes: HKCU - {14FCC6E1-CD4E-4D4F-9259-A6FA8CD62FC4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=40EB3D35-31F6-4E7D-94C2-8388FE2DB34A&apn_sauid=4853BF76-6860-46D0-A666-038E2EDBAE24
SearchScopes: HKCU - {593AF9D1-ACDC-4068-A6D2-4AFFFDA196F4} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKCU - {B16D9DD4-EBF5-4713-9702-2B0CD66987DE} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {BA63F8F2-0DD5-499C-92DB-E26D5BCC060B} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw&search={searchTerms}
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE262FD0-69EB-46BC-B26C-F696DEA52046}: [NameServer]212.98.37.131 194.230.55.97

FireFox:
========
FF ProfilePath: C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default
FF user.js: detected! => C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default\user.js
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: MyStart Search
FF Homepage: hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw|https://mail.google.com/mail/?shva=1#all
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: No Name - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: No Name - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: No Name - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: No Name - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw", "hxxp://mystart.incredibar.com/mb201?a=6OyZWYgSPg&loc=skw", ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.13.20.29_0\plugins/np-cwmp.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (IB Updater) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.578_0
CHR Extension: (uTorrentBar_DE) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.24.3.503_0
CHR Extension: (Norton Identity Protection) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0
CHR Extension: (Google Wallet) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_1
CHR Extension: (Website Logon) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0
CHR Extension: (Gmail) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Augustus Mobile\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2012-10-12] ()
S2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
S2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1833776 2013-12-29] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131230.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [123776 2012-03-31] (TCT International Mobile Ltd.)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131231.001\ENG64.SYS [126040 2013-11-27] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131231.001\EX64.SYS [2099288 2013-11-27] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-07] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [132608 2009-02-17] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 22:15 - 2014-01-01 22:16 - 00023291 _____ C:\Users\Augustus Mobile\Downloads\FRST.txt
2014-01-01 22:15 - 2014-01-01 22:15 - 00000000 ____D C:\FRST
2014-01-01 22:13 - 2014-01-01 22:13 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 1.csv
2014-01-01 22:02 - 2014-01-01 22:02 - 01931396 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64.exe
2014-01-01 22:01 - 2014-01-01 22:01 - 00000492 _____ C:\Users\Augustus Mobile\Downloads\defogger_disable.log
2014-01-01 22:01 - 2014-01-01 22:01 - 00000000 _____ C:\Users\Augustus Mobile\defogger_reenable
2014-01-01 22:00 - 2014-01-01 22:00 - 00050477 _____ C:\Users\Augustus Mobile\Downloads\Defogger.exe
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 17:41 - 2013-12-31 17:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 17:40 - 2013-12-31 17:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 17:37 - 2013-12-31 17:37 - 00915368 _____ (Oracle Corporation) C:\Users\Augustus Mobile\Downloads\chromeinstall-7u45.exe
2013-12-30 11:25 - 2013-12-30 11:25 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{4227F241-3D01-4AFA-9DF3-E5C1FF71DAE6}
2013-12-29 20:21 - 2013-12-29 20:21 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_29.csv
2013-12-26 21:28 - 2013-12-26 21:28 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{ACBD6186-E588-49F3-BE93-0BE4143C1EE1}
2013-12-26 13:25 - 2013-12-26 13:25 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_26.csv
2013-12-26 09:17 - 2013-12-26 09:17 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{F4FE62F3-33C9-4852-B23C-C1E9EF3A0D65}
2013-12-25 20:47 - 2013-12-25 20:47 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{B083089F-15B4-464A-B42B-6BEEF0891A23}
2013-12-25 01:50 - 2013-12-25 01:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{749395FC-FC53-4067-BC67-FAE72FFE59A3}
2013-12-25 00:20 - 2013-12-25 00:20 - 05183143 _____ (Kigosoft Inc.                                              ) C:\Users\Augustus Mobile\Downloads\PhotoCardMaker.exe
2013-12-22 22:49 - 2013-12-22 22:49 - 01094246 _____ C:\Users\Augustus Mobile\Downloads\libera esportazione augustus 22 dicembre.bmp
2013-12-22 20:18 - 2013-12-22 20:18 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_22.csv
2013-12-22 00:12 - 2014-01-01 22:15 - 00155648 ___SH C:\Users\Augustus Mobile\Desktop\Thumbs.db
2013-12-22 00:07 - 2013-12-22 00:07 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{94FE8EE1-8953-4D90-926C-557E57513AA8}
2013-12-19 07:23 - 2013-12-19 07:23 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_19.csv
2013-12-18 23:49 - 2013-12-18 23:49 - 00016386 _____ C:\Windows\SysWOW64\sibcs207.dll
2013-12-18 23:49 - 2013-12-18 23:49 - 00003248 _____ C:\Windows\System32\Tasks\{2497518A-D03B-45DB-AFCC-057807A54C5F}
2013-12-18 23:48 - 2013-12-18 23:48 - 00001106 _____ C:\Users\Augustus Mobile\Desktop\BusinessCard Software Demo.lnk
2013-12-18 23:48 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 23:48 - 2003-06-25 11:17 - 00374272 _____ (Herd Software Entwicklung/ Ketteler Str. 35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) C:\Windows\SysWOW64\Dav3_32.dll
2013-12-18 23:48 - 2003-06-24 13:35 - 00143360 _____ (Herd Software Entwicklung/ Ketteler Str.35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) C:\Windows\SysWOW64\leon3_32.dll
2013-12-18 23:47 - 2013-12-18 23:47 - 09895012 _____ C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo.zip
2013-12-18 23:47 - 2013-12-18 23:47 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo
2013-12-18 23:22 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2013-12-18 23:22 - 2013-12-18 23:48 - 00000000 ____D C:\Program Files (x86)\Sigel
2013-12-18 23:22 - 2013-12-18 23:22 - 00001151 _____ C:\Users\Augustus Mobile\Desktop\Visitenkarten In 2 Minuten.lnk
2013-12-18 23:21 - 2013-12-18 23:21 - 03714404 _____ C:\Users\Augustus Mobile\Downloads\Sigel_Visitenkarten_In_2_Minuten.zip
2013-12-17 18:42 - 2013-12-17 18:48 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1.zip
2013-12-15 21:19 - 2013-12-15 21:19 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_15.csv
2013-12-12 03:22 - 2013-12-12 03:22 - 00000000 _____ C:\Windows\SysWOW64\sho9CE9.tmp
2013-12-12 03:05 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:02 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:02 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 18:18 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 18:18 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 18:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 18:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 18:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 18:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 18:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 18:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 18:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 18:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 18:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 18:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 18:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 18:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 18:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 18:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 18:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 18:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 18:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 14:34 - 2013-12-10 14:34 - 00020285 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_10.csv
2013-12-08 12:06 - 2013-12-08 12:06 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_ 8.csv
2013-12-02 01:04 - 2013-12-02 01:04 - 00015388 _____ C:\Users\Augustus Mobile\Documents\2013 Eva Samichlaus.odt
2013-12-02 01:04 - 2013-12-02 01:04 - 00012657 _____ C:\Users\Augustus Mobile\Documents\2013 Lara Samichlaus.odt

==================== One Month Modified Files and Folders =======

2014-01-01 22:16 - 2014-01-01 22:15 - 00023291 _____ C:\Users\Augustus Mobile\Downloads\FRST.txt
2014-01-01 22:15 - 2014-01-01 22:15 - 00000000 ____D C:\FRST
2014-01-01 22:15 - 2013-12-22 00:12 - 00155648 ___SH C:\Users\Augustus Mobile\Desktop\Thumbs.db
2014-01-01 22:14 - 2010-11-21 04:47 - 00079446 _____ C:\Windows\PFRO.log
2014-01-01 22:13 - 2014-01-01 22:13 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 1.csv
2014-01-01 22:13 - 2013-01-13 09:32 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\SoftGrid Client
2014-01-01 22:13 - 2012-01-31 10:27 - 01685581 _____ C:\Windows\WindowsUpdate.log
2014-01-01 22:10 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 22:10 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 22:04 - 2013-01-29 17:07 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 22:02 - 2014-01-01 22:02 - 01931396 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64.exe
2014-01-01 22:01 - 2014-01-01 22:01 - 00000492 _____ C:\Users\Augustus Mobile\Downloads\defogger_disable.log
2014-01-01 22:01 - 2014-01-01 22:01 - 00000000 _____ C:\Users\Augustus Mobile\defogger_reenable
2014-01-01 22:01 - 2012-01-31 10:27 - 00000000 ____D C:\Users\Augustus Mobile
2014-01-01 22:00 - 2014-01-01 22:00 - 00050477 _____ C:\Users\Augustus Mobile\Downloads\Defogger.exe
2014-01-01 21:14 - 2013-06-11 10:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 21:04 - 2013-01-29 17:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-31 23:39 - 2009-07-14 05:51 - 00124510 _____ C:\Windows\setupact.log
2013-12-31 22:19 - 2013-01-29 16:54 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-12-31 22:19 - 2013-01-11 12:45 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-12-31 17:43 - 2013-01-12 16:25 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\Conduit
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 17:40 - 2013-12-31 17:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 17:40 - 2013-12-31 17:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 17:37 - 2013-12-31 17:37 - 00915368 _____ (Oracle Corporation) C:\Users\Augustus Mobile\Downloads\chromeinstall-7u45.exe
2013-12-31 17:13 - 2013-11-26 00:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Wuala
2013-12-31 08:02 - 2012-05-16 19:53 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\vlc
2013-12-31 00:24 - 2012-06-08 23:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\dvdcss
2013-12-30 17:34 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-30 11:25 - 2013-12-30 11:25 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{4227F241-3D01-4AFA-9DF3-E5C1FF71DAE6}
2013-12-29 20:21 - 2013-12-29 20:21 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_29.csv
2013-12-29 11:12 - 2013-01-11 12:45 - 01833776 _____ C:\Windows\system32\dmwu.exe
2013-12-29 11:08 - 2013-01-11 12:45 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-12-27 21:53 - 2013-05-17 12:30 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\Augustus
2013-12-26 21:28 - 2013-12-26 21:28 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{ACBD6186-E588-49F3-BE93-0BE4143C1EE1}
2013-12-26 13:25 - 2013-12-26 13:25 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_26.csv
2013-12-26 09:17 - 2013-12-26 09:17 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{F4FE62F3-33C9-4852-B23C-C1E9EF3A0D65}
2013-12-25 20:47 - 2013-12-25 20:47 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{B083089F-15B4-464A-B42B-6BEEF0891A23}
2013-12-25 01:50 - 2013-12-25 01:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{749395FC-FC53-4067-BC67-FAE72FFE59A3}
2013-12-25 00:22 - 2013-06-21 10:15 - 00343552 ___SH C:\Users\Augustus Mobile\Downloads\Thumbs.db
2013-12-25 00:20 - 2013-12-25 00:20 - 05183143 _____ (Kigosoft Inc.                                              ) C:\Users\Augustus Mobile\Downloads\PhotoCardMaker.exe
2013-12-22 22:49 - 2013-12-22 22:49 - 01094246 _____ C:\Users\Augustus Mobile\Downloads\libera esportazione augustus 22 dicembre.bmp
2013-12-22 20:18 - 2013-12-22 20:18 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_22.csv
2013-12-22 00:07 - 2013-12-22 00:07 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\{94FE8EE1-8953-4D90-926C-557E57513AA8}
2013-12-21 00:29 - 2013-02-11 15:33 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\Microsoft Help
2013-12-21 00:28 - 2011-09-11 04:50 - 00697534 _____ C:\Windows\system32\perfh007.dat
2013-12-21 00:28 - 2011-09-11 04:50 - 00148540 _____ C:\Windows\system32\perfc007.dat
2013-12-21 00:28 - 2009-07-14 06:13 - 01614892 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 07:23 - 2013-12-19 07:23 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_19.csv
2013-12-18 23:49 - 2013-12-18 23:49 - 00016386 _____ C:\Windows\SysWOW64\sibcs207.dll
2013-12-18 23:49 - 2013-12-18 23:49 - 00003248 _____ C:\Windows\System32\Tasks\{2497518A-D03B-45DB-AFCC-057807A54C5F}
2013-12-18 23:49 - 2012-01-31 15:49 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\CrashDumps
2013-12-18 23:48 - 2013-12-18 23:48 - 00001106 _____ C:\Users\Augustus Mobile\Desktop\BusinessCard Software Demo.lnk
2013-12-18 23:48 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 23:48 - 2013-12-18 23:22 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2013-12-18 23:48 - 2013-12-18 23:22 - 00000000 ____D C:\Program Files (x86)\Sigel
2013-12-18 23:47 - 2013-12-18 23:47 - 09895012 _____ C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo.zip
2013-12-18 23:47 - 2013-12-18 23:47 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo
2013-12-18 23:22 - 2013-12-18 23:22 - 00001151 _____ C:\Users\Augustus Mobile\Desktop\Visitenkarten In 2 Minuten.lnk
2013-12-18 23:21 - 2013-12-18 23:21 - 03714404 _____ C:\Users\Augustus Mobile\Downloads\Sigel_Visitenkarten_In_2_Minuten.zip
2013-12-17 18:48 - 2013-12-17 18:42 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1.zip
2013-12-15 21:19 - 2013-12-15 21:19 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_15.csv
2013-12-12 17:15 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 03:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 03:24 - 2009-07-14 05:45 - 00444288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:22 - 2013-12-12 03:22 - 00000000 _____ C:\Windows\SysWOW64\sho9CE9.tmp
2013-12-10 23:14 - 2013-06-11 10:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 23:14 - 2013-01-11 20:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 23:14 - 2011-09-11 05:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 14:34 - 2013-12-10 14:34 - 00020285 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_10.csv
2013-12-08 12:06 - 2013-12-08 12:06 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_ 8.csv
2013-12-06 10:45 - 2013-01-29 17:08 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 01:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-03 20:59 - 2013-01-29 17:07 - 00004124 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 20:59 - 2013-01-29 17:07 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 01:04 - 2013-12-02 01:04 - 00015388 _____ C:\Users\Augustus Mobile\Documents\2013 Eva Samichlaus.odt
2013-12-02 01:04 - 2013-12-02 01:04 - 00012657 _____ C:\Users\Augustus Mobile\Documents\2013 Lara Samichlaus.odt

Some content of TEMP:
====================
C:\Users\Augustus Mobile\AppData\Local\Temp\addlyrics1030.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\APNStub.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\crt88C4.tmp.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\DE_de_Avery_AW40.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\i4jdel0.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\mfc80.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\mfc80u.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\mfcm80.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\mfcm80u.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\msvbvm60.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\msvcm80.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\msvcp80.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\msvcr80.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\ResetDevice.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\swfo.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\tbedrs.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\tbuTor.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\Uninstaller.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerChina.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerChiTrad.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerFre.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerIta.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerPol.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerRus.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UninstallerSpa.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\utt2294.tmp.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Augustus Mobile\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\WTGXMLUtil.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 10:11

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014
Ran by Augustus Mobile at 2014-01-01 22:16:51
Running from C:\Users\Augustus Mobile\Downloads
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.2.3.28705 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.0.0 - Adobe Systems)
Adobe AIR (x32 Version: 2.7.0.19460 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19460 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X MUI (x32 Version: 10.0.0 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (Version:  - ALPS ELECTRIC CO., LTD.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60701.2253 - ATI Technologies Inc.) Hidden
ArcSoft WebCam Companion 4 (x32 Version: 4.0.444 - ArcSoft)
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
AuthenTec TrueSuite (Version: 4.0.100.26 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (Version: 3.1.0.80 - AuthenTec, Inc.)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0701.2226.38454 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0701.2226.38454 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0701.2226.38454 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0701.2226.38454 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0701.2226.38454 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help English (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help French (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help German (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0701.2225.38454 - ATI) Hidden
ccc-utility64 (Version: 2011.0701.2226.38454 - ATI) Hidden
Comatic Remote Desktop (x32 Version: 1.00.0000 - Comatic)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
eLohnausweis SSK Uninstaller (x32 Version:  - DV Bern AG)
Evernote v. 4.4 (x32 Version: 4.4.0.4848 - Evernote Corp.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gobi_Firmware (x32 Version:  - )
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HERMA Label Designer plus 1.1 (x32 Version: 1.00.0000 - HERMA GmbH)
HSPA USB MODEM (x32 Version:  - Alcatel)
HW Gobi 3000 Driver 1.08.00.00 (x32 Version: 1.08.00.00 - Huawei technologies Co., Ltd.)
IB Updater 2.0.0.578 (Version: 2.0.0.578 - IncrediBar) <==== ATTENTION
IB Updater Service (x32 Version: 5.0.1.7 - ) <==== ATTENTION
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.1.1.0581 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (x32 Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (Version:  - )
Internet Manager (x32 Version: 22.001.18.74.55 - Huawei Technologies Co.,Ltd)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Media Go (x32 Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended FRA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended ITA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile Partner (x32 Version: 11.300.05.01.154 - Huawei Technologies Co.,Ltd)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Extended FRA (Version: 4.0.30319 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 12.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (x32 Version: 7.1.172.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2 - Microsoft Corporation)
PC Connectivity Solution (x32 Version: 12.0.109.0 - Nokia)
PlayStation(R)Network Downloader (x32 Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (x32 Version: 4.1.8.11883 - Sony Computer Entertainment Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Private Tax 2012 2.7 (x32 Version: 2.7 - Information Factory AG)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quick Web Access (x32 Version: 1.4.6.10 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.6.10 - Sony Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
Sigel BusinessCardSoftware Demo (x32 Version:  - )
Skype™ 5.1 (x32 Version: 5.1.104 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation)
VAIO Care (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (x32 Version: 5.0.0.07070 - Sony Corporation)
VAIO CPU Fan Diagnostic (x32 Version: 1.0.0.14140 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.0.0.03050 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.0.06210 - Sony Corporation)
VAIO Gate Default (x32 Version: 2.5.0.07080 - Sony Corporation)
VAIO Hero Screensaver - Fall 2011 Screensaver (x32 Version:  - )
VAIO Improvement (x32 Version: 1.1.0.06030 - Sony Corporation)
VAIO Improvement Validation (Version: 1.0.4.01190 - Sony Corporation)
VAIO Manual (x32 Version: 1.4.0.05310 - Sony Corporation)
VAIO Smart Network (x32 Version: 3.7.0.07150 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation)
VAIO Update (x32 Version: 5.5.0.06290 - Sony Corporation)
VAIO Update Merge Module x64 (Version: 5.5.06290 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visitenkarten in 2 Minuten (x32 Version:  - )
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Корпорація Майкрософт) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорація Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
Wuala (HKCU Version: 1.0.444.0 - LaCie)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

14-11-2013 02:01:59 Windows Update
27-11-2013 02:00:20 Windows Update
12-12-2013 02:01:13 Windows Update
31-12-2013 16:28:16 Removed Java 7 Update 21
31-12-2013 16:31:26 Removed Java(TM) 6 Update 26
31-12-2013 16:33:20 Removed Java(TM) 6 Update 26 (64-bit)
31-12-2013 16:39:45 Installed Java 7 Update 45

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09F91527-AE3D-4416-92C3-6B2FCEF6142A} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {13D2A160-1116-4607-97F4-14801A0D24CE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {1611D985-1A4C-4049-8643-AB47F96612D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)
Task: {17F93950-0086-4154-A093-D0E809953888} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {240B23F5-E762-4D77-A7E8-5BC66B26152C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {4482F5B2-B0A9-475C-AECA-21C9E6AEA26C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {47F40D25-6DDE-47FB-B76F-4544977E9617} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {4AB659D2-72E2-49FB-AF23-CA1A0270016F} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {5DBA9B62-6C7B-40CB-8AD1-2DF32F0F0BB8} - System32\Tasks\{BF0AD00A-DD39-4ECC-A957-A9F0207C6051} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {5DCBB3EE-D305-421F-B7A5-F7FA67E0AD05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {5E9FA666-699A-4F78-B3E2-A416243C7369} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {623CC774-1AE8-4CC9-8338-41FACBED5B64} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {6ED9AA56-8F22-43F7-B909-DFCD830DA938} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {73C92649-EDB4-48A5-AE53-89EA9613053F} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
Task: {7A28055E-B9FA-453A-BF4C-3FC94174CF7F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {92947D3E-E108-42F0-8731-18658269C11B} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {A4146BB5-8E78-4587-B6E7-FCBD701B8074} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {AC7C130F-ADBE-4835-9330-473C594D2CC3} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {C8C56A99-39C1-48A8-8A10-AB9AA33FA361} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-06-03] (Sony Corporation)
Task: {CAAFA6D8-7BC8-4036-A459-890B61289FFA} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
Task: {D8C4BA2E-4B08-48EA-ADED-94AA54E984E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)
Task: {F11838B4-0BF3-4FE8-AC1F-188396266468} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {FC582923-C207-4D6A-AFC8-7DC2A8FCF390} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {FE760C83-C42C-41BA-A217-DC016BC0D95B} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Name: AMD Radeon(TM) HD 6470M
Description: AMD Radeon(TM) HD 6470M
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIE CardReader
Description: Realtek PCIE CardReader
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconduct Corp.
Service: RSPCIESTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2014 10:16:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 10:13:01 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4bb0

Startzeit: 01cf073560ad87a2

Endzeit: 60000

Anwendungspfad: C:\Users\Augustus Mobile\Downloads\FRST64.exe

Berichts-ID: 51fd69d9-7329-11e3-a5a2-00a0c6000000

Error: (01/01/2014 10:06:17 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5a4c

Startzeit: 01cf0734cca0a65c

Endzeit: 60000

Anwendungspfad: C:\Users\Augustus Mobile\Downloads\FRST64.exe

Berichts-ID: 5ca4a52d-7328-11e3-a5a2-00a0c6000000

Error: (12/18/2013 11:49:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BusinessCardDemo.exe, Version: 2.4.7.177, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x204c
Startzeit der fehlerhaften Anwendung: 0xBusinessCardDemo.exe0
Pfad der fehlerhaften Anwendung: BusinessCardDemo.exe1
Pfad des fehlerhaften Moduls: BusinessCardDemo.exe2
Berichtskennung: BusinessCardDemo.exe3

Error: (12/18/2013 11:49:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BusinessCardDemo.exe, Version: 2.4.7.177, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x2e7c
Startzeit der fehlerhaften Anwendung: 0xBusinessCardDemo.exe0
Pfad der fehlerhaften Anwendung: BusinessCardDemo.exe1
Pfad des fehlerhaften Moduls: BusinessCardDemo.exe2
Berichtskennung: BusinessCardDemo.exe3

Error: (12/18/2013 11:35:10 PM) (Source: Office Software Protection Platform Service) (User: )
Description: The Software Protection service failed to start. 0x80070005
14.0.370.400

Error: (12/17/2013 11:23:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrueSuite.TouchControl.exe, Version: 4.0.100.26, Zeitstempel: 0x4db67fa3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x14ac
Startzeit der fehlerhaften Anwendung: 0xTrueSuite.TouchControl.exe0
Pfad der fehlerhaften Anwendung: TrueSuite.TouchControl.exe1
Pfad des fehlerhaften Moduls: TrueSuite.TouchControl.exe2
Berichtskennung: TrueSuite.TouchControl.exe3

Error: (12/16/2013 00:43:39 PM) (Source: SampleCollector) (User: )
Description: init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (12/15/2013 09:40:22 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (12/12/2013 03:35:11 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


System errors:
=============
Error: (01/01/2014 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:17 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/01/2014 10:15:16 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2014 10:15:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (01/01/2014 10:15:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/22/2013 04:54:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2463 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/21/2013 11:41:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 66 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/01/2013 11:13:31 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 54 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/27/2013 08:57:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/27/2013 08:52:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/27/2013 08:50:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/26/2013 00:43:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/26/2013 00:35:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 57 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/26/2013 00:34:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 183 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/26/2013 10:51:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 53 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-02-12 22:52:38.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 13:23:46.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 8107.86 MB
Available physical RAM: 6910.59 MB
Total Pagefile: 16213.9 MB
Available Pagefile: 15035.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.64 GB) (Free:318.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 858C196E)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-01 22:46:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465.76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\AUGUST~1\AppData\Local\Temp\kwldapob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000075fd1465 2 bytes [FD, 75]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075fd1465 2 bytes [FD, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Windows\SysWOW64\jmdp\stij.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000075fd1465 2 bytes [FD, 75]
.text  C:\Windows\SysWOW64\jmdp\stij.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075fd1465 2 bytes [FD, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075fd1465 2 bytes [FD, 75]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075fd1465 2 bytes [FD, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075fd1465 2 bytes [FD, 75]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075fd14bb 2 bytes [FD, 75]
.text  ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [3872:3748]                                                                                                              0000000000051c94

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e187607                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e810550                                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e187607 (not active ControlSet)                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e810550 (not active ControlSet)                                                       

---- EOF - GMER 2.1 ----
Danke Euch schon im Voraus für Eure Bemühungen und Eure Hilfe.
amazoenli

schrauber 02.01.2014 08:28
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

amazoenli 02.01.2014 13:00
Hallo schrauber

Vielen Dank für Deine Antwort.
Hab alles gemäss Deiner Anleitung ausgeführt, anbei das log-file. Ich kann jetzt bei Norton den Browserschutz nicht mehr aktivieren, springt immer von selbst auf ausgeschaltet, ist das normal?

Code:
ComboFix 14-01-01.01 - Augustus Mobile 02.01.2014  11:35:19.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.8108.5059 [GMT 1:00]
ausgeführt von:: c:\users\Augustus Mobile\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-02 bis 2014-01-02  ))))))))))))))))))))))))))))))
.
.
2014-01-02 10:44 . 2014-01-02 10:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-01-02 10:12 . 2011-04-26 03:14        125440        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com\components\TrueSuite.WLOXPCOM.dll
2014-01-01 21:15 . 2014-01-01 21:15        --------        d-----w-        C:\FRST
2013-12-31 16:41 . 2013-12-31 16:41        --------        d-----w-        c:\programdata\Oracle
2013-12-31 16:41 . 2013-12-31 16:41        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-12-31 16:40 . 2013-12-31 16:40        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-31 16:40 . 2013-12-31 16:40        --------        d-----w-        c:\program files (x86)\Java
2013-12-18 22:49 . 2013-12-18 22:49        16386        ----a-w-        c:\windows\SysWow64\sibcs207.dll
2013-12-18 22:48 . 2013-12-18 22:48        --------        d-----w-        c:\users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 22:48 . 2003-06-25 10:17        374272        ----a-w-        c:\windows\SysWow64\Dav3_32.dll
2013-12-18 22:48 . 2003-06-24 12:35        143360        ----a-w-        c:\windows\SysWow64\leon3_32.dll
2013-12-18 22:22 . 2013-12-18 22:48        --------        d-----w-        c:\program files (x86)\Sigel
2013-12-12 02:22 . 2013-12-12 02:22        0        ----a-w-        c:\windows\SysWow64\sho9CE9.tmp
2013-12-12 02:05 . 2013-05-10 04:30        167424        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 02:05 . 2013-05-10 03:48        164864        ----a-w-        c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 02:05 . 2013-05-10 05:56        12625920        ----a-w-        c:\windows\system32\wmploc.DLL
2013-12-12 02:05 . 2013-05-10 04:56        12625408        ----a-w-        c:\windows\SysWow64\wmploc.DLL
2013-12-12 02:05 . 2013-05-10 05:56        14631424        ----a-w-        c:\windows\system32\wmp.dll
2013-12-11 17:18 . 2013-10-30 02:32        335360        ----a-w-        c:\windows\system32\msieftp.dll
2013-12-11 17:18 . 2013-10-30 02:19        301568        ----a-w-        c:\windows\SysWow64\msieftp.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-29 10:12 . 2013-01-11 11:45        1833776        ----a-w-        c:\windows\system32\dmwu.exe
2013-12-29 10:08 . 2013-01-11 11:45        33792        ----a-w-        c:\windows\system32\ImHttpComm.dll
2013-12-10 22:14 . 2013-01-11 19:57        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:14 . 2011-09-11 04:27        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-27 02:03 . 2013-11-27 02:03        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 02:03 . 2013-11-27 02:03        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-11-27 02:02 . 2013-11-27 02:02        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 02:02 . 2013-11-27 02:02        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-11-27 02:02 . 2013-11-27 02:02        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-11-27 02:02 . 2013-11-27 02:02        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-11-27 02:02 . 2013-11-27 02:02        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 02:02 . 2013-11-27 02:02        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-11-27 02:02 . 2013-11-27 02:02        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-11-27 02:02 . 2013-11-27 02:02        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-11-27 02:02 . 2013-11-27 02:02        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-11-27 02:02 . 2013-11-27 02:02        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-11-27 02:02 . 2013-11-27 02:02        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 02:02 . 2013-11-27 02:02        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-11-27 02:02 . 2013-11-27 02:02        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 02:02 . 2013-11-27 02:02        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-11-27 02:02 . 2013-11-27 02:02        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-11-27 02:02 . 2013-11-27 02:02        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-11-27 02:02 . 2013-11-27 02:02        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-11-27 02:02 . 2013-11-27 02:02        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-11-27 02:02 . 2013-11-27 02:02        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 02:02 . 2013-11-27 02:02        626176        ----a-w-        c:\windows\system32\msfeeds.dll
2013-11-27 02:02 . 2013-11-27 02:02        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-11-27 02:02 . 2013-11-27 02:02        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 02:02 . 2013-11-27 02:02        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-11-27 02:02 . 2013-11-27 02:02        548352        ----a-w-        c:\windows\system32\vbscript.dll
2013-11-27 02:02 . 2013-11-27 02:02        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-11-27 02:02 . 2013-11-27 02:02        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 02:02 . 2013-11-27 02:02        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-11-27 02:02 . 2013-11-27 02:02        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-11-27 02:02 . 2013-11-27 02:02        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-11-27 02:02 . 2013-11-27 02:02        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-11-27 02:02 . 2013-11-27 02:02        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-11-27 02:02 . 2013-11-27 02:02        413696        ----a-w-        c:\windows\system32\html.iec
2013-11-27 02:02 . 2013-11-27 02:02        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 02:02 . 2013-11-27 02:02        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-11-27 02:02 . 2013-11-27 02:02        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-11-27 02:02 . 2013-11-27 02:02        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-11-27 02:02 . 2013-11-27 02:02        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-11-27 02:02 . 2013-11-27 02:02        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-11-27 02:02 . 2013-11-27 02:02        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-11-27 02:02 . 2013-11-27 02:02        235520        ----a-w-        c:\windows\system32\url.dll
2013-11-27 02:02 . 2013-11-27 02:02        195584        ----a-w-        c:\windows\system32\msrating.dll
2013-11-27 02:02 . 2013-11-27 02:02        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-11-27 02:02 . 2013-11-27 02:02        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-11-27 02:02 . 2013-11-27 02:02        147968        ----a-w-        c:\windows\system32\occache.dll
2013-11-27 02:02 . 2013-11-27 02:02        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-11-27 02:02 . 2013-11-27 02:02        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-11-27 02:02 . 2013-11-27 02:02        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-11-27 02:02 . 2013-11-27 02:02        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-11-27 02:02 . 2013-11-27 02:02        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-11-27 02:02 . 2013-11-27 02:02        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-11-27 02:02 . 2013-11-27 02:02        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-11-27 02:02 . 2013-11-27 02:02        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-11-27 02:02 . 2013-11-27 02:02        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-11-27 02:02 . 2013-11-27 02:02        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 02:02 . 2013-11-27 02:02        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-11-27 02:02 . 2013-11-27 02:02        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 02:02 . 2013-11-27 02:02        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-13 18:05 . 2013-11-13 18:05        53248        ----a-r-        c:\users\Augustus Mobile\AppData\Roaming\Microsoft\Installer\{F5D84887-8A6F-4993-8560-B3AA44CB620D}\ARPPRODUCTICON.exe
2013-11-07 20:18 . 2013-11-07 20:18        177752        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-10-14 17:00 . 2013-11-27 02:08        28368        ----a-w-        c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 17:04        830464        ----a-w-        c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 17:04        859648        ----a-w-        c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 17:04        324096        ----a-w-        c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 17:04        656896        ----a-w-        c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 17:04        216576        ----a-w-        c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 17:05        1474048        ----a-w-        c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 17:05        1168384        ----a-w-        c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:30        170840        ----a-w-        c:\program files\IB Updater\Extension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-01 336384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ModemListener"="c:\program files (x86)\HSPA USB MODEM\ModemListener.exe" [2012-12-10 110248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140101.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140101.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x]
S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe;c:\program files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe;c:\program files\IB Updater\ExtensionUpdaterService.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kfilter.sys [x]
S3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kmbb.sys [x]
S3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys;c:\windows\SYSNATIVE\DRIVERS\gobi3kserial.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 09:42        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 22:14]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 16:07]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-07-12 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-19 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-19 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FE262FD0-69EB-46BC-B26C-F696DEA52046}: NameServer = 212.98.37.131 194.230.55.97
FF - ProfilePath - c:\users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw|https://mail.google.com/mail/?shva=1#all
FF - ExtSQL: 2013-11-07 13:34; websitelogon_toolbar@truesuite.com; c:\program files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF - ExtSQL: 2013-11-07 15:20; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF - ExtSQL: 2013-11-07 15:20; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyZWYgSPg
FF - user.js: extensions.incredibar_i.upn2n - 92262778294116226
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 6666660837
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyZWYgSPg&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d4f9b0d200000000000088532e81054d
FF - user.js: extensions.incredibar_i.instlDay - 15716
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1412:45
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
"ImagePath"="\SystemRoot\system32\drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-02  11:47:17
ComboFix-quarantined-files.txt  2014-01-02 10:47
.
Vor Suchlauf: 14 Verzeichnis(se), 341'601'890'304 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 359'402'029'056 Bytes frei
.
- - End Of File - - 2A43CF3DA7D39C500A796A655DFF28C0
Besten Dank für Deine Bemühungen.
Liebe Grüsse
a.

Das Norton Problem hat sich nach 2-maligem Neustart gelöst.

schrauber 03.01.2014 09:58
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

amazoenli 03.01.2014 12:53
Hallo schrauber

Danke Dir.

Hier die Files:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Augustus Mobile :: AUGUSTUSMOBILE [Administrator]

02.01.2014 21:26:58
mbam-log-2014-01-02 (21-26-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221280
Laufzeit: 11 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 2212 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SYSTEM\CurrentControlSet\Services\IB Updater (PUP.Optional.SweetPacks.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 6
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Daten: MYSTART -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 92262778294116226 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Daten: C:\Program Files\IB Updater\Firefox -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} (PUP.Optional.Incredibar) -> Daten: C:\Program Files\IB Updater\Firefox -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\IB Updater|ImagePath (PUP.Optional.IBUpdater) -> Daten: C:\Program Files\IB Updater\ExtensionUpdaterService.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 92262778294116226 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 11
C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\Uninstall (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome\content (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome\content\libraries (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome\content\resources (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\defaults (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\defaults\preferences (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 27
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Löschen bei Neustart.
C:\Users\Augustus Mobile\Downloads\ZoomPlayer.exe (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\HSChromeRegSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\Uninstall\msvcp100.dll (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\Uninstall\msvcr100.dll (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\Uninstall\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\WNLT\Installation\Uninstall\UninstallerLauncher.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\HSChromeRegSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\msvcp100.dll (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\msvcr100.dll (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\UninstallerLauncher.exe (PUP.Optional.InstallBrain.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome.manifest (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome\content\main.js (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\IB Updater\Firefox\defaults\preferences\defaults.js (PUP.Optional.IBUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Augustus Mobile :: AUGUSTUSMOBILE [Administrator]

02.01.2014 21:26:58
MBAM-log-2014-01-02 (21-40-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221280
Laufzeit: 11 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 2212 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SYSTEM\CurrentControlSet\Services\IB Updater (PUP.Optional.SweetPacks.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 6
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Daten: MYSTART -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 92262778294116226 -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Daten: C:\Program Files\IB Updater\Firefox -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} (PUP.Optional.Incredibar) -> Daten: C:\Program Files\IB Updater\Firefox -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IB Updater|ImagePath (PUP.Optional.IBUpdater) -> Daten: C:\Program Files\IB Updater\ExtensionUpdaterService.exe -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: 92262778294116226 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 11
C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\Uninstall (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome\content (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome\content\libraries (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome\content\resources (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\defaults (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\defaults\preferences (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.

Infizierte Dateien: 27
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Keine Aktion durchgeführt.
C:\Users\Augustus Mobile\Downloads\ZoomPlayer.exe (PUP.Optional.Installex) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\HSChromeRegSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\Uninstall\msvcp100.dll (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\Uninstall\msvcr100.dll (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\Uninstall\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\System32\WNLT\Installation\Uninstall\UninstallerLauncher.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\HSChromeRegSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\msvcp100.dll (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\msvcr100.dll (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\WNLT\Installation\Uninstall\UninstallerLauncher.exe (PUP.Optional.InstallBrain.A) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome.manifest (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome\content\main.js (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.
C:\Program Files\IB Updater\Firefox\defaults\preferences\defaults.js (PUP.Optional.IBUpdater) -> Keine Aktion durchgeführt.

(Ende)

Code:
# AdwCleaner v3.016 - Bericht erstellt am 02/01/2014 um 23:06:40
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Augustus Mobile - AUGUSTUSMOBILE
# Gestartet von : C:\Users\Augustus Mobile\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\Windows\System32\ARFC
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Ordner Gelöscht : C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Datei Gelöscht : C:\Windows\System32\dmwu.exe
Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\wnlt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v12.0 (de)

[ Datei : C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default\prefs.js ]

Zeile gelöscht : user_pref("CT2851647.1000234.TWC_TMP_city", "ZURICH");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_TMP_country", "CH");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_locId", "USKS0698");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_location", "Zurich, KS");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_region", "OT");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_temp_dis", "c");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_wind_dis", "kmh");
Zeile gelöscht : user_pref("CT2851647.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"21°C\",\"temperatureClear\":\"21°C\",\"highTemperature\":\"34°C\",\"lowTemperature\":\"19°C\",\"feelsLike\":\"21°C\",[...]
Zeile gelöscht : user_pref("CT2851647.CBOpenMAMSettings.enc", "MA==");
Zeile gelöscht : user_pref("CT2851647.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.FirstTime", "true");
Zeile gelöscht : user_pref("CT2851647.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2851647.LoginRevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2851647.PG_ENABLE", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2851647.PG_ENABLE.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2851647.RevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2851647.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Zeile gelöscht : user_pref("CT2851647.SF_STATUS.enc", "RU5BQkxFRA==");
Zeile gelöscht : user_pref("CT2851647.SF_USER_ID.enc", "Y2lkXzE2NzIwMTM5MjI1NjM0NzI5ODM=");
Zeile gelöscht : user_pref("CT2851647.UserID", "UN14028221493351567");
Zeile gelöscht : user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2851647.autoDisableScopes", 0);
Zeile gelöscht : user_pref("CT2851647.cb_experience_000.enc", "MTU2");
Zeile gelöscht : user_pref("CT2851647.cb_firstuse0100.enc", "MQ==");
Zeile gelöscht : user_pref("CT2851647.cb_user_id_000.enc", "Q0I5MDY1OTY0MDQ3NTJfMTM2MTI5MzAwMjUxMV9GaXJlZm94");
Zeile gelöscht : user_pref("CT2851647.cbcountry_001.enc", "Q0g=");
Zeile gelöscht : user_pref("CT2851647.cbfirsttime.enc", "U2F0IEphbiAxMiAyMDEzIDE2OjI1OjI5IEdNVCswMTAw");
Zeile gelöscht : user_pref("CT2851647.countryCode", "CH");
Zeile gelöscht : user_pref("CT2851647.defaultSearch", "false");
Zeile gelöscht : user_pref("CT2851647.embeddedsData", "[{\"appId\":\"129351532245275780\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gelöscht : user_pref("CT2851647.enableAlerts", "always");
Zeile gelöscht : user_pref("CT2851647.enableFix404ByUser", "FALSE");
Zeile gelöscht : user_pref("CT2851647.enableSearchFromAddressBar", "false");
Zeile gelöscht : user_pref("CT2851647.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2851647.fixPageNotFoundError", "true");
Zeile gelöscht : user_pref("CT2851647.fixPageNotFoundErrorByUser", "true");
Zeile gelöscht : user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2851647.fixUrls", true);
Zeile gelöscht : user_pref("CT2851647.installType", "xpe");
Zeile gelöscht : user_pref("CT2851647.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2851647.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2851647.isNewTabEnabled", false);
Zeile gelöscht : user_pref("CT2851647.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2851647.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2851647.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN14028221493351567&SSPV=&Lay=1&UM=\"}");
Zeile gelöscht : user_pref("CT2851647.lastVersion", "10.16.9.506");
Zeile gelöscht : user_pref("CT2851647.mam_gk_appStateReportTime.enc", "MTM3ODQ2MjI3MTYwNw==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_appState_CouponBuddy.enc", "b24=");
Zeile gelöscht : user_pref("CT2851647.mam_gk_appState_PriceGong.enc", "b24=");
Zeile gelöscht : user_pref("CT2851647.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_calledSetupService.enc", "MQ==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI0ODZlM2RkOC0zZTNmLTQxYzctYmEwMi03ZTkyYTAyNGEyNTkiLCJ[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Zeile gelöscht : user_pref("CT2851647.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_first_time.enc", "MQ==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_lastLoginTime.enc", "MTM3ODQ2MjI4MzI2NA==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Zeile gelöscht : user_pref("CT2851647.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQ0giLCJpc1dlbGNvbWVFeHBl[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQ0giLCJpc1dlbGNvbWVFeHBl[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.4.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQ0giLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQ0giLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gelöscht : user_pref("CT2851647.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Zeile gelöscht : user_pref("CT2851647.mam_gk_userId.enc", "NzE3ZDFjNGQtYjZkNy00MGIxLTg0MzMtOTYzNjJjMzM0M2Zh");
Zeile gelöscht : user_pref("CT2851647.mam_gk_user_approval_interacted.enc", "MQ==");
Zeile gelöscht : user_pref("CT2851647.mam_gk_user_apps_selection.enc", "");
Zeile gelöscht : user_pref("CT2851647.mam_gk_welcomeDialogMode.enc", "MQ==");
Zeile gelöscht : user_pref("CT2851647.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT2851647.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"******\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwebdl.symantec.com%2F%3FSASSERVER%3Dlcdls.symantec.com%26LNG%3Ddeu-DEU%26BINARY[...]
Zeile gelöscht : user_pref("CT2851647.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.openThankYouPage", "true");
Zeile gelöscht : user_pref("CT2851647.openUninstallPage", "false");
Zeile gelöscht : user_pref("CT2851647.price-gong.isManagedApp", "true");
Zeile gelöscht : user_pref("CT2851647.revertSettingsEnabled", "false");
Zeile gelöscht : user_pref("CT2851647.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Zeile gelöscht : user_pref("CT2851647.search.searchAppId", "129351532245275780");
Zeile gelöscht : user_pref("CT2851647.search.searchCount", "1");
Zeile gelöscht : user_pref("CT2851647.searchInNewTabEnabled", "false");
Zeile gelöscht : user_pref("CT2851647.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2851647.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2851647.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2851647.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851647\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarDE.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_DE\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_Configuration_lastUpdate", "1378462367410");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1377689078160");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1378462367769");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1377689078161");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_location_lastUpdate", "1373959473874");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360016302461");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361291026216");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363729121495");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.15.0.562_lastUpdate", "1368800318108");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373959474500");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.16.4.519_lastUpdate", "1377689077271");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.16.9.506_lastUpdate", "1378462367470");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1377689078161");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1378462367221");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1378462366748");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_setupAPI_lastUpdate", "1363714724705");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1377689078160");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1378462367887");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1378462367641");
Zeile gelöscht : user_pref("CT2851647.settingsINI", true);
Zeile gelöscht : user_pref("CT2851647.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2851647.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2851647.smartbar.CTID", "CT2851647");
Zeile gelöscht : user_pref("CT2851647.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
Zeile gelöscht : user_pref("CT2851647.startPage", "false");
Zeile gelöscht : user_pref("CT2851647.toolbarBornServerTime", "12-1-2013");
Zeile gelöscht : user_pref("CT2851647.toolbarCurrentServerTime", "6-9-2013");
Zeile gelöscht : user_pref("CT2851647.toolbarLoginClientTime", "Wed Mar 27 2013 17:21:46 GMT+0100");
Zeile gelöscht : user_pref("CT2851647.url_history0001.enc", "aHR0cDovL2xjZGxzLnN5bWFudGVjLmNvbS83NjcyNjY5MTIvRFEvRDdIMEdTODFSUEI5N1VSMUFML3YrKyt2QUFBUzhETHczRHcvbnN0WDhWUlFCb2owMnQvTklTRG93bmxvYWRlci5leGU/TE5HPWRldS1E[...]
Zeile gelöscht : user_pref("CT2851647_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378462242562,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "MyStart Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw|hxxps://mail.google.com/mail/?shva=1#all");
Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.id", "d4f9b0d200000000000088532e81054d");
Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15716");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "6666660837");
Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyZWYgSPg&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyZWYgSPg");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92262778294116226");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:45:33");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw&search=");
Zeile gelöscht : user_pref("smartbar.machineId", "/KXV5KQIBWERL/GANBWSMDAZHTL2T9SDRS4ZCKWDOIFNMAZ4VIGGRX7UOFB6ZPGWVK4RI7H8ZBA0GDIT3L5YDG");
Zeile gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Zeile gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [23174 octets] - [02/01/2014 22:57:01]
AdwCleaner[R1].txt - [23235 octets] - [02/01/2014 23:04:37]
AdwCleaner[S0].txt - [22643 octets] - [02/01/2014 23:06:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22704 octets] ##########
jrt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Augustus Mobile on 02.01.2014 at 23:21:55.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3188538806-3583078880-1473993125-1000\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3188538806-3583078880-1473993125-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{14FCC6E1-CD4E-4D4F-9259-A6FA8CD62FC4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{593AF9D1-ACDC-4068-A6D2-4AFFFDA196F4}



~~~ Files

Successfully deleted: [File] "C:\Users\Augustus Mobile\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] C:\Windows\syswow64\sho9CE9.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Augustus Mobile\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{21667ED7-7853-45C1-96F7-515256B557B6}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{2DBE91F4-7174-4265-8643-5434E9BF6F56}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{4227F241-3D01-4AFA-9DF3-E5C1FF71DAE6}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{72B0D948-3CB9-4FDA-BE13-1347435F02AC}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{749395FC-FC53-4067-BC67-FAE72FFE59A3}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{87494E65-E707-4BD5-8284-8A1A2CAC7733}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{94FE8EE1-8953-4D90-926C-557E57513AA8}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{95970879-F4B2-45BB-B865-A70691288B92}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{9A652279-18CB-4753-9E22-465E146D282F}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{A09957AC-9D11-447A-B80E-2ECD2A88E053}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{ACBD6186-E588-49F3-BE93-0BE4143C1EE1}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{B083089F-15B4-464A-B42B-6BEEF0891A23}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{DA2B1848-F773-4D9B-8E02-445C01C37282}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{E36C974E-E1BB-4D03-B6CD-D1B158B968EC}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{EEE82869-E460-4957-AA5C-D94D8EF54944}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{F4FE62F3-33C9-4852-B23C-C1E9EF3A0D65}
Successfully deleted: [Empty Folder] C:\Users\Augustus Mobile\appdata\local\{FEB7A0F8-28CA-4A41-B66D-3F61688E2557}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Augustus Mobile\AppData\Roaming\mozilla\firefox\profiles\oryg7q42.default\prefs.js

user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://www.oliorivieraligure.it
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://www.oliorivieraligur
Emptied folder: C:\Users\Augustus Mobile\AppData\Roaming\mozilla\firefox\profiles\oryg7q42.default\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Augustus Mobile\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.01.2014 at 23:47:06.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by Augustus Mobile (administrator) on AUGUSTUSMOBILE on 03-01-2014 00:01:44
Running from C:\Users\Augustus Mobile\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HUAWEI Technologies Co., Ltd.) C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe [110248 2012-12-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {B16D9DD4-EBF5-4713-9702-2B0CD66987DE} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {BA63F8F2-0DD5-499C-92DB-E26D5BCC060B} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
BHO: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE262FD0-69EB-46BC-B26C-F696DEA52046}: [NameServer]212.98.37.131 194.230.55.97

FireFox:
========
FF ProfilePath: C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw", "hxxp://mystart.incredibar.com/mb201?a=6OyZWYgSPg&loc=skw", "", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.13.20.29_0\plugins/np-cwmp.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0
CHR Extension: (Google Wallet) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Website Logon) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0
CHR Extension: (Gmail) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2012-10-12] ()
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
R2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
R3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
R3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140101.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [123776 2012-03-31] (TCT International Mobile Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140102.001\ENG64.SYS [126040 2013-11-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140102.001\EX64.SYS [2099288 2013-11-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [132608 2009-02-17] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 00:01 - 2014-01-03 00:01 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\FRST-OlderVersion
2014-01-02 23:47 - 2014-01-02 23:47 - 00004347 _____ C:\Users\Augustus Mobile\Desktop\JRT.txt
2014-01-02 23:21 - 2014-01-02 23:21 - 01036305 _____ (Thisisu) C:\Users\Augustus Mobile\Downloads\JRT.exe
2014-01-02 23:21 - 2014-01-02 23:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 22:56 - 2014-01-02 23:48 - 00000000 ____D C:\AdwCleaner
2014-01-02 22:55 - 2014-01-02 22:56 - 01233962 _____ C:\Users\Augustus Mobile\Desktop\adwcleaner.exe
2014-01-02 22:51 - 2014-01-02 22:51 - 00017241 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für TAO'S (28).xlsx
2014-01-02 21:23 - 2014-01-02 21:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 21:23 - 2014-01-02 21:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 21:16 - 2014-01-02 21:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Augustus Mobile\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 12:30 - 2014-01-02 21:42 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\privat
2014-01-02 11:48 - 2014-01-02 11:48 - 00035862 _____ C:\Users\Augustus Mobile\Desktop\combofix.txt
2014-01-02 11:47 - 2014-01-02 11:47 - 00035862 _____ C:\ComboFix.txt
2014-01-02 11:31 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-02 11:31 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-02 11:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-02 11:28 - 2014-01-02 11:47 - 00000000 ____D C:\Qoobox
2014-01-02 11:27 - 2014-01-02 11:45 - 00000000 ____D C:\Windows\erdnt
2014-01-02 11:26 - 2014-01-02 11:26 - 05160282 _____ (Swearware) C:\Users\Augustus Mobile\Downloads\ComboFix (1).exe
2014-01-02 11:25 - 2014-01-02 11:25 - 05160282 ____R (Swearware) C:\Users\Augustus Mobile\Desktop\ComboFix.exe
2014-01-02 09:24 - 2014-01-02 09:25 - 00527592 _____ C:\Windows\Minidump\010214-38735-01.dmp
2014-01-02 09:24 - 2014-01-02 09:24 - 772273299 _____ C:\Windows\MEMORY.DMP
2014-01-02 09:24 - 2014-01-02 09:24 - 00000000 ____D C:\Windows\Minidump
2014-01-01 22:46 - 2014-01-01 22:46 - 00005109 _____ C:\Users\Augustus Mobile\Downloads\gmer.log
2014-01-01 22:26 - 2014-01-01 22:26 - 00377856 _____ C:\Users\Augustus Mobile\Downloads\gmer_2.1.19163.exe
2014-01-01 22:16 - 2014-01-01 22:17 - 00042844 _____ C:\Users\Augustus Mobile\Downloads\Addition.txt
2014-01-01 22:15 - 2014-01-03 00:01 - 00024884 _____ C:\Users\Augustus Mobile\Downloads\FRST.txt
2014-01-01 22:15 - 2014-01-03 00:01 - 00000000 ____D C:\FRST
2014-01-01 22:13 - 2014-01-01 22:13 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 1.csv
2014-01-01 22:02 - 2014-01-03 00:01 - 01931498 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64.exe
2014-01-01 22:01 - 2014-01-01 22:01 - 00000492 _____ C:\Users\Augustus Mobile\Downloads\defogger_disable.log
2014-01-01 22:01 - 2014-01-01 22:01 - 00000000 _____ C:\Users\Augustus Mobile\defogger_reenable
2014-01-01 22:00 - 2014-01-01 22:00 - 00050477 _____ C:\Users\Augustus Mobile\Downloads\Defogger.exe
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 17:41 - 2013-12-31 17:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 17:40 - 2013-12-31 17:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 17:37 - 2013-12-31 17:37 - 00915368 _____ (Oracle Corporation) C:\Users\Augustus Mobile\Downloads\chromeinstall-7u45.exe
2013-12-29 20:21 - 2013-12-29 20:21 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_29.csv
2013-12-26 13:25 - 2013-12-26 13:25 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_26.csv
2013-12-25 00:20 - 2013-12-25 00:20 - 05183143 _____ (Kigosoft Inc.                                              ) C:\Users\Augustus Mobile\Downloads\PhotoCardMaker.exe
2013-12-22 22:49 - 2013-12-22 22:49 - 01094246 _____ C:\Users\Augustus Mobile\Downloads\libera esportazione augustus 22 dicembre.bmp
2013-12-22 20:18 - 2013-12-22 20:18 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_22.csv
2013-12-22 00:12 - 2014-01-01 22:15 - 00155648 ___SH C:\Users\Augustus Mobile\Desktop\Thumbs.db
2013-12-19 07:23 - 2013-12-19 07:23 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_19.csv
2013-12-18 23:49 - 2013-12-18 23:49 - 00016386 _____ C:\Windows\SysWOW64\sibcs207.dll
2013-12-18 23:49 - 2013-12-18 23:49 - 00003248 _____ C:\Windows\System32\Tasks\{2497518A-D03B-45DB-AFCC-057807A54C5F}
2013-12-18 23:48 - 2013-12-18 23:48 - 00001106 _____ C:\Users\Augustus Mobile\Desktop\BusinessCard Software Demo.lnk
2013-12-18 23:48 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 23:48 - 2003-06-25 11:17 - 00374272 _____ (Herd Software Entwicklung/ Ketteler Str. 35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) C:\Windows\SysWOW64\Dav3_32.dll
2013-12-18 23:48 - 2003-06-24 13:35 - 00143360 _____ (Herd Software Entwicklung/ Ketteler Str.35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) C:\Windows\SysWOW64\leon3_32.dll
2013-12-18 23:47 - 2013-12-18 23:47 - 09895012 _____ C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo.zip
2013-12-18 23:47 - 2013-12-18 23:47 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo
2013-12-18 23:22 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2013-12-18 23:22 - 2013-12-18 23:48 - 00000000 ____D C:\Program Files (x86)\Sigel
2013-12-18 23:22 - 2013-12-18 23:22 - 00001151 _____ C:\Users\Augustus Mobile\Desktop\Visitenkarten In 2 Minuten.lnk
2013-12-18 23:21 - 2013-12-18 23:21 - 03714404 _____ C:\Users\Augustus Mobile\Downloads\Sigel_Visitenkarten_In_2_Minuten.zip
2013-12-17 18:42 - 2013-12-17 18:48 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1.zip
2013-12-15 21:19 - 2013-12-15 21:19 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_15.csv
2013-12-12 03:05 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:02 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:02 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 18:18 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 18:18 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 18:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 18:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 18:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 18:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 18:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 18:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 18:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 18:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 18:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 18:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 18:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 18:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 18:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 18:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 18:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 18:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 18:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 14:34 - 2013-12-10 14:34 - 00020285 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_10.csv
2013-12-08 12:06 - 2013-12-08 12:06 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_ 8.csv

==================== One Month Modified Files and Folders =======

2014-01-03 00:02 - 2014-01-01 22:15 - 00024884 _____ C:\Users\Augustus Mobile\Downloads\FRST.txt
2014-01-03 00:01 - 2014-01-03 00:01 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\FRST-OlderVersion
2014-01-03 00:01 - 2014-01-01 22:15 - 00000000 ____D C:\FRST
2014-01-03 00:01 - 2014-01-01 22:02 - 01931498 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64.exe
2014-01-03 00:00 - 2012-01-31 10:27 - 01776640 _____ C:\Windows\WindowsUpdate.log
2014-01-03 00:00 - 2011-09-11 04:50 - 00697534 _____ C:\Windows\system32\perfh007.dat
2014-01-03 00:00 - 2011-09-11 04:50 - 00148540 _____ C:\Windows\system32\perfc007.dat
2014-01-03 00:00 - 2009-07-14 06:13 - 01614892 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 23:57 - 2013-01-29 17:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 23:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 23:54 - 2009-07-14 05:51 - 00125070 _____ C:\Windows\setupact.log
2014-01-02 23:48 - 2014-01-02 22:56 - 00000000 ____D C:\AdwCleaner
2014-01-02 23:47 - 2014-01-02 23:47 - 00004347 _____ C:\Users\Augustus Mobile\Desktop\JRT.txt
2014-01-02 23:21 - 2014-01-02 23:21 - 01036305 _____ (Thisisu) C:\Users\Augustus Mobile\Downloads\JRT.exe
2014-01-02 23:21 - 2014-01-02 23:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 23:18 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 23:18 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 23:14 - 2013-06-11 10:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 23:04 - 2013-01-29 17:07 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 22:56 - 2014-01-02 22:55 - 01233962 _____ C:\Users\Augustus Mobile\Desktop\adwcleaner.exe
2014-01-02 22:51 - 2014-01-02 22:51 - 00017241 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für TAO'S (28).xlsx
2014-01-02 22:12 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-02 21:43 - 2010-11-21 04:47 - 00089312 _____ C:\Windows\PFRO.log
2014-01-02 21:42 - 2014-01-02 12:30 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\privat
2014-01-02 21:23 - 2014-01-02 21:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 21:23 - 2014-01-02 21:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:16 - 2014-01-02 21:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Augustus Mobile\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 11:48 - 2014-01-02 11:48 - 00035862 _____ C:\Users\Augustus Mobile\Desktop\combofix.txt
2014-01-02 11:47 - 2014-01-02 11:47 - 00035862 _____ C:\ComboFix.txt
2014-01-02 11:47 - 2014-01-02 11:28 - 00000000 ____D C:\Qoobox
2014-01-02 11:45 - 2014-01-02 11:27 - 00000000 ____D C:\Windows\erdnt
2014-01-02 11:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 11:26 - 2014-01-02 11:26 - 05160282 _____ (Swearware) C:\Users\Augustus Mobile\Downloads\ComboFix (1).exe
2014-01-02 11:25 - 2014-01-02 11:25 - 05160282 ____R (Swearware) C:\Users\Augustus Mobile\Desktop\ComboFix.exe
2014-01-02 09:25 - 2014-01-02 09:24 - 00527592 _____ C:\Windows\Minidump\010214-38735-01.dmp
2014-01-02 09:24 - 2014-01-02 09:24 - 772273299 _____ C:\Windows\MEMORY.DMP
2014-01-02 09:24 - 2014-01-02 09:24 - 00000000 ____D C:\Windows\Minidump
2014-01-01 22:46 - 2014-01-01 22:46 - 00005109 _____ C:\Users\Augustus Mobile\Downloads\gmer.log
2014-01-01 22:26 - 2014-01-01 22:26 - 00377856 _____ C:\Users\Augustus Mobile\Downloads\gmer_2.1.19163.exe
2014-01-01 22:17 - 2014-01-01 22:16 - 00042844 _____ C:\Users\Augustus Mobile\Downloads\Addition.txt
2014-01-01 22:15 - 2013-12-22 00:12 - 00155648 ___SH C:\Users\Augustus Mobile\Desktop\Thumbs.db
2014-01-01 22:13 - 2014-01-01 22:13 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 1.csv
2014-01-01 22:13 - 2013-01-13 09:32 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\SoftGrid Client
2014-01-01 22:01 - 2014-01-01 22:01 - 00000492 _____ C:\Users\Augustus Mobile\Downloads\defogger_disable.log
2014-01-01 22:01 - 2014-01-01 22:01 - 00000000 _____ C:\Users\Augustus Mobile\defogger_reenable
2014-01-01 22:01 - 2012-01-31 10:27 - 00000000 ____D C:\Users\Augustus Mobile
2014-01-01 22:00 - 2014-01-01 22:00 - 00050477 _____ C:\Users\Augustus Mobile\Downloads\Defogger.exe
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 17:40 - 2013-12-31 17:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 17:40 - 2013-12-31 17:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 17:37 - 2013-12-31 17:37 - 00915368 _____ (Oracle Corporation) C:\Users\Augustus Mobile\Downloads\chromeinstall-7u45.exe
2013-12-31 17:13 - 2013-11-26 00:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Wuala
2013-12-31 08:02 - 2012-05-16 19:53 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\vlc
2013-12-31 00:24 - 2012-06-08 23:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\dvdcss
2013-12-29 20:21 - 2013-12-29 20:21 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_29.csv
2013-12-27 21:53 - 2013-05-17 12:30 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\Augustus
2013-12-26 13:25 - 2013-12-26 13:25 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_26.csv
2013-12-25 00:22 - 2013-06-21 10:15 - 00343552 ___SH C:\Users\Augustus Mobile\Downloads\Thumbs.db
2013-12-25 00:20 - 2013-12-25 00:20 - 05183143 _____ (Kigosoft Inc.                                              ) C:\Users\Augustus Mobile\Downloads\PhotoCardMaker.exe
2013-12-22 22:49 - 2013-12-22 22:49 - 01094246 _____ C:\Users\Augustus Mobile\Downloads\libera esportazione augustus 22 dicembre.bmp
2013-12-22 20:18 - 2013-12-22 20:18 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_22.csv
2013-12-21 00:29 - 2013-02-11 15:33 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\Microsoft Help
2013-12-19 07:23 - 2013-12-19 07:23 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_19.csv
2013-12-18 23:49 - 2013-12-18 23:49 - 00016386 _____ C:\Windows\SysWOW64\sibcs207.dll
2013-12-18 23:49 - 2013-12-18 23:49 - 00003248 _____ C:\Windows\System32\Tasks\{2497518A-D03B-45DB-AFCC-057807A54C5F}
2013-12-18 23:49 - 2012-01-31 15:49 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\CrashDumps
2013-12-18 23:48 - 2013-12-18 23:48 - 00001106 _____ C:\Users\Augustus Mobile\Desktop\BusinessCard Software Demo.lnk
2013-12-18 23:48 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 23:48 - 2013-12-18 23:22 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2013-12-18 23:48 - 2013-12-18 23:22 - 00000000 ____D C:\Program Files (x86)\Sigel
2013-12-18 23:47 - 2013-12-18 23:47 - 09895012 _____ C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo.zip
2013-12-18 23:47 - 2013-12-18 23:47 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo
2013-12-18 23:22 - 2013-12-18 23:22 - 00001151 _____ C:\Users\Augustus Mobile\Desktop\Visitenkarten In 2 Minuten.lnk
2013-12-18 23:21 - 2013-12-18 23:21 - 03714404 _____ C:\Users\Augustus Mobile\Downloads\Sigel_Visitenkarten_In_2_Minuten.zip
2013-12-17 18:48 - 2013-12-17 18:42 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1.zip
2013-12-15 21:19 - 2013-12-15 21:19 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_15.csv
2013-12-12 17:15 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 03:24 - 2009-07-14 05:45 - 00444288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 23:14 - 2013-06-11 10:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 23:14 - 2013-01-11 20:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 23:14 - 2011-09-11 05:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 14:34 - 2013-12-10 14:34 - 00020285 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_10.csv
2013-12-08 12:06 - 2013-12-08 12:06 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_ 8.csv
2013-12-06 10:45 - 2013-01-29 17:08 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 01:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Augustus Mobile\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 10:11

==================== End Of Log ============================
--- --- ---


Besten Dank. Ist mein Laptop nun sauber?
LG
amazoenli

schrauber 04.01.2014 09:29

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

amazoenli 11.01.2014 01:25
Nochmals Danke, das ESET hat Stunden gedauert, ist das normal???

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a078c5274f358f43b467f1c228897bef
# engine=16601
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-10 11:58:30
# local_time=2014-01-11 12:58:30 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 196207 151994895 0 0
# compatibility_mode=5893 16776574 100 94 15765212 141028160 0 0
# scanned=213209
# found=1
# cleaned=0
# scan_time=40612
sh=5A97FFA1B66E9B9BB7088D840BCA0C41FC27741E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OBX trojan" ac=I fn="C:\Users\Augustus Mobile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\1bce26dc-6290d021"
Code:
Results of screen317's Security Check version 0.99.78 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 45 
 Adobe Flash Player 11.9.900.170 
 Mozilla Firefox 12.0 Firefox out of Date! 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 Internet Manager OnlineUpdate ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by Augustus Mobile (administrator) on AUGUSTUSMOBILE on 11-01-2014 01:22:30
Running from C:\Users\Augustus Mobile\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HUAWEI Technologies Co., Ltd.) C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(LaCie) C:\Users\Augustus Mobile\AppData\Roaming\Wuala\Wuala.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.WebLogOnHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Augustus Mobile\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [ModemListener] - C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe [110248 2012-12-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {B16D9DD4-EBF5-4713-9702-2B0CD66987DE} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {BA63F8F2-0DD5-499C-92DB-E26D5BCC060B} URL = hxxp://rover.ebay.com/rover/1/5222-42442-16445-29/4?mpre=hxxp://shop.ebay.ch/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
BHO: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE262FD0-69EB-46BC-B26C-F696DEA52046}: [NameServer]212.98.37.131 194.230.55.97

FireFox:
========
FF ProfilePath: C:\Users\Augustus Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\oryg7q42.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://mystart.incredibar.com/?a=6OyZWYgSPg&loc=skw", "hxxp://mystart.incredibar.com/mb201?a=6OyZWYgSPg&loc=skw", "", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (TrueSuite) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0\npwebsitelogon.dll (AuthenTec, Inc)
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.13.20.29_0\plugins/np-cwmp.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0
CHR Extension: (Google Wallet) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Website Logon) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0
CHR Extension: (Gmail) - C:\Users\Augustus Mobile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2012-10-12] ()
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
R2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
R3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
R3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140109.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [123776 2012-03-31] (TCT International Mobile Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140110.002\ENG64.SYS [126040 2013-11-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140110.002\EX64.SYS [2099288 2013-11-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [132608 2009-02-17] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-11 01:21 - 2014-01-11 01:21 - 01932166 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64 (1).exe
2014-01-11 01:06 - 2014-01-11 01:06 - 00987410 _____ C:\Users\Augustus Mobile\Downloads\SecurityCheck.exe
2014-01-10 12:41 - 2014-01-10 12:42 - 02347384 _____ (ESET) C:\Users\Augustus Mobile\Downloads\esetsmartinstaller_enu.exe
2014-01-10 12:39 - 2014-01-10 12:44 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1 (1).zip
2014-01-09 20:09 - 2014-01-09 20:09 - 00020333 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 9.csv
2014-01-07 15:17 - 2014-01-07 15:17 - 00020252 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 7.csv
2014-01-06 16:56 - 2014-01-06 16:56 - 00061463 _____ C:\Users\Augustus Mobile\Downloads\Stundenraport_Augustus_Dezember.xlsx
2014-01-06 16:51 - 2014-01-06 16:51 - 00010652 _____ C:\Users\Augustus Mobile\Downloads\Arbeitszeit_Kaja (2).xlsx
2014-01-05 21:05 - 2014-01-05 21:05 - 00020392 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 5.csv
2014-01-05 17:03 - 2014-01-05 17:03 - 00017215 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für TAO'S (29).xlsx
2014-01-05 17:02 - 2014-01-05 17:02 - 00016432 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für AURA (8).xlsx
2014-01-05 17:02 - 2014-01-05 17:02 - 00016432 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für AURA (7).xlsx
2014-01-03 22:50 - 2014-01-03 22:50 - 00016376 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für AURA (6).xlsx
2014-01-03 16:14 - 2014-01-03 16:14 - 00000196 _____ C:\Users\Augustus Mobile\Desktop\201401031614238763.vcf
2014-01-03 00:04 - 2014-01-03 00:04 - 00048601 _____ C:\Users\Augustus Mobile\Downloads\FRST_01.txt
2014-01-03 00:01 - 2014-01-03 00:01 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\FRST-OlderVersion
2014-01-02 23:47 - 2014-01-02 23:47 - 00004347 _____ C:\Users\Augustus Mobile\Desktop\JRT.txt
2014-01-02 23:21 - 2014-01-02 23:21 - 01036305 _____ (Thisisu) C:\Users\Augustus Mobile\Downloads\JRT.exe
2014-01-02 23:21 - 2014-01-02 23:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 22:56 - 2014-01-02 23:48 - 00000000 ____D C:\AdwCleaner
2014-01-02 22:55 - 2014-01-02 22:56 - 01233962 _____ C:\Users\Augustus Mobile\Desktop\adwcleaner.exe
2014-01-02 22:51 - 2014-01-02 22:51 - 00017241 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für TAO'S (28).xlsx
2014-01-02 21:23 - 2014-01-02 21:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 21:23 - 2014-01-02 21:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 21:16 - 2014-01-02 21:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Augustus Mobile\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 12:30 - 2014-01-06 10:13 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\privat
2014-01-02 11:48 - 2014-01-02 11:48 - 00035862 _____ C:\Users\Augustus Mobile\Desktop\combofix.txt
2014-01-02 11:47 - 2014-01-02 11:47 - 00035862 _____ C:\ComboFix.txt
2014-01-02 11:31 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-02 11:31 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-02 11:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-02 11:31 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-02 11:28 - 2014-01-02 11:47 - 00000000 ____D C:\Qoobox
2014-01-02 11:27 - 2014-01-02 11:45 - 00000000 ____D C:\Windows\erdnt
2014-01-02 11:26 - 2014-01-02 11:26 - 05160282 _____ (Swearware) C:\Users\Augustus Mobile\Downloads\ComboFix (1).exe
2014-01-02 11:25 - 2014-01-02 11:25 - 05160282 ____R (Swearware) C:\Users\Augustus Mobile\Desktop\ComboFix.exe
2014-01-02 09:24 - 2014-01-02 09:25 - 00527592 _____ C:\Windows\Minidump\010214-38735-01.dmp
2014-01-02 09:24 - 2014-01-02 09:24 - 772273299 _____ C:\Windows\MEMORY.DMP
2014-01-02 09:24 - 2014-01-02 09:24 - 00000000 ____D C:\Windows\Minidump
2014-01-01 22:46 - 2014-01-01 22:46 - 00005109 _____ C:\Users\Augustus Mobile\Downloads\gmer.log
2014-01-01 22:26 - 2014-01-01 22:26 - 00377856 _____ C:\Users\Augustus Mobile\Downloads\gmer_2.1.19163.exe
2014-01-01 22:16 - 2014-01-01 22:17 - 00042844 _____ C:\Users\Augustus Mobile\Downloads\Addition.txt
2014-01-01 22:15 - 2014-01-11 01:22 - 00025898 _____ C:\Users\Augustus Mobile\Downloads\FRST.txt
2014-01-01 22:15 - 2014-01-03 00:01 - 00000000 ____D C:\FRST
2014-01-01 22:13 - 2014-01-01 22:13 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 1.csv
2014-01-01 22:02 - 2014-01-03 00:01 - 01931498 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64.exe
2014-01-01 22:01 - 2014-01-01 22:01 - 00000492 _____ C:\Users\Augustus Mobile\Downloads\defogger_disable.log
2014-01-01 22:01 - 2014-01-01 22:01 - 00000000 _____ C:\Users\Augustus Mobile\defogger_reenable
2014-01-01 22:00 - 2014-01-01 22:00 - 00050477 _____ C:\Users\Augustus Mobile\Downloads\Defogger.exe
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 17:41 - 2013-12-31 17:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 17:40 - 2013-12-31 17:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 17:37 - 2013-12-31 17:37 - 00915368 _____ (Oracle Corporation) C:\Users\Augustus Mobile\Downloads\chromeinstall-7u45.exe
2013-12-29 20:21 - 2013-12-29 20:21 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_29.csv
2013-12-26 13:25 - 2013-12-26 13:25 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_26.csv
2013-12-25 00:20 - 2013-12-25 00:20 - 05183143 _____ (Kigosoft Inc.                                              ) C:\Users\Augustus Mobile\Downloads\PhotoCardMaker.exe
2013-12-22 22:49 - 2013-12-22 22:49 - 01094246 _____ C:\Users\Augustus Mobile\Downloads\libera esportazione augustus 22 dicembre.bmp
2013-12-22 20:18 - 2013-12-22 20:18 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_22.csv
2013-12-22 00:12 - 2014-01-01 22:15 - 00155648 ___SH C:\Users\Augustus Mobile\Desktop\Thumbs.db
2013-12-19 07:23 - 2013-12-19 07:23 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_19.csv
2013-12-18 23:49 - 2013-12-18 23:49 - 00016386 _____ C:\Windows\SysWOW64\sibcs207.dll
2013-12-18 23:49 - 2013-12-18 23:49 - 00003248 _____ C:\Windows\System32\Tasks\{2497518A-D03B-45DB-AFCC-057807A54C5F}
2013-12-18 23:48 - 2013-12-18 23:48 - 00001106 _____ C:\Users\Augustus Mobile\Desktop\BusinessCard Software Demo.lnk
2013-12-18 23:48 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 23:48 - 2003-06-25 11:17 - 00374272 _____ (Herd Software Entwicklung/ Ketteler Str. 35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) C:\Windows\SysWOW64\Dav3_32.dll
2013-12-18 23:48 - 2003-06-24 13:35 - 00143360 _____ (Herd Software Entwicklung/ Ketteler Str.35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) C:\Windows\SysWOW64\leon3_32.dll
2013-12-18 23:47 - 2013-12-18 23:47 - 09895012 _____ C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo.zip
2013-12-18 23:47 - 2013-12-18 23:47 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo
2013-12-18 23:22 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2013-12-18 23:22 - 2013-12-18 23:48 - 00000000 ____D C:\Program Files (x86)\Sigel
2013-12-18 23:22 - 2013-12-18 23:22 - 00001151 _____ C:\Users\Augustus Mobile\Desktop\Visitenkarten In 2 Minuten.lnk
2013-12-18 23:21 - 2013-12-18 23:21 - 03714404 _____ C:\Users\Augustus Mobile\Downloads\Sigel_Visitenkarten_In_2_Minuten.zip
2013-12-17 18:42 - 2013-12-17 18:48 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1.zip
2013-12-15 21:19 - 2013-12-15 21:19 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_15.csv
2013-12-12 03:05 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:02 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:02 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-01-11 01:23 - 2014-01-01 22:15 - 00025898 _____ C:\Users\Augustus Mobile\Downloads\FRST.txt
2014-01-11 01:21 - 2014-01-11 01:21 - 01932166 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64 (1).exe
2014-01-11 01:18 - 2013-11-26 00:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Wuala
2014-01-11 01:14 - 2013-06-11 10:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 01:06 - 2014-01-11 01:06 - 00987410 _____ C:\Users\Augustus Mobile\Downloads\SecurityCheck.exe
2014-01-11 01:04 - 2013-01-29 17:07 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 00:59 - 2012-01-31 10:27 - 02036792 _____ C:\Windows\WindowsUpdate.log
2014-01-10 21:41 - 2013-01-29 17:07 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 13:32 - 2012-05-16 19:53 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\vlc
2014-01-10 12:44 - 2014-01-10 12:39 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1 (1).zip
2014-01-10 12:42 - 2014-01-10 12:41 - 02347384 _____ (ESET) C:\Users\Augustus Mobile\Downloads\esetsmartinstaller_enu.exe
2014-01-10 08:58 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-10 07:28 - 2009-07-14 05:51 - 00125518 _____ C:\Windows\setupact.log
2014-01-09 21:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2014-01-09 20:09 - 2014-01-09 20:09 - 00020333 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 9.csv
2014-01-07 15:17 - 2014-01-07 15:17 - 00020252 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 7.csv
2014-01-06 16:56 - 2014-01-06 16:56 - 00061463 _____ C:\Users\Augustus Mobile\Downloads\Stundenraport_Augustus_Dezember.xlsx
2014-01-06 16:51 - 2014-01-06 16:51 - 00010652 _____ C:\Users\Augustus Mobile\Downloads\Arbeitszeit_Kaja (2).xlsx
2014-01-06 11:54 - 2013-05-17 12:30 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\Augustus
2014-01-06 10:13 - 2014-01-02 12:30 - 00000000 ____D C:\Users\Augustus Mobile\Desktop\privat
2014-01-05 21:05 - 2014-01-05 21:05 - 00020392 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 5.csv
2014-01-05 17:03 - 2014-01-05 17:03 - 00017215 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für TAO'S (29).xlsx
2014-01-05 17:02 - 2014-01-05 17:02 - 00016432 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für AURA (8).xlsx
2014-01-05 17:02 - 2014-01-05 17:02 - 00016432 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für AURA (7).xlsx
2014-01-04 13:28 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 13:28 - 2009-07-14 05:45 - 00020944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 22:50 - 2014-01-03 22:50 - 00016376 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für AURA (6).xlsx
2014-01-03 16:14 - 2014-01-03 16:14 - 00000196 _____ C:\Users\Augustus Mobile\Desktop\201401031614238763.vcf
2014-01-03 00:04 - 2014-01-03 00:04 - 00048601 _____ C:\Users\Augustus Mobile\Downloads\FRST_01.txt
2014-01-03 00:01 - 2014-01-03 00:01 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\FRST-OlderVersion
2014-01-03 00:01 - 2014-01-01 22:15 - 00000000 ____D C:\FRST
2014-01-03 00:01 - 2014-01-01 22:02 - 01931498 _____ (Farbar) C:\Users\Augustus Mobile\Downloads\FRST64.exe
2014-01-03 00:00 - 2011-09-11 04:50 - 00697534 _____ C:\Windows\system32\perfh007.dat
2014-01-03 00:00 - 2011-09-11 04:50 - 00148540 _____ C:\Windows\system32\perfc007.dat
2014-01-03 00:00 - 2009-07-14 06:13 - 01614892 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 23:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 23:48 - 2014-01-02 22:56 - 00000000 ____D C:\AdwCleaner
2014-01-02 23:47 - 2014-01-02 23:47 - 00004347 _____ C:\Users\Augustus Mobile\Desktop\JRT.txt
2014-01-02 23:21 - 2014-01-02 23:21 - 01036305 _____ (Thisisu) C:\Users\Augustus Mobile\Downloads\JRT.exe
2014-01-02 23:21 - 2014-01-02 23:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 22:56 - 2014-01-02 22:55 - 01233962 _____ C:\Users\Augustus Mobile\Desktop\adwcleaner.exe
2014-01-02 22:51 - 2014-01-02 22:51 - 00017241 _____ C:\Users\Augustus Mobile\Downloads\2013 - Augustus für TAO'S (28).xlsx
2014-01-02 21:43 - 2010-11-21 04:47 - 00089312 _____ C:\Windows\PFRO.log
2014-01-02 21:23 - 2014-01-02 21:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 21:23 - 2014-01-02 21:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 21:16 - 2014-01-02 21:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Augustus Mobile\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 11:48 - 2014-01-02 11:48 - 00035862 _____ C:\Users\Augustus Mobile\Desktop\combofix.txt
2014-01-02 11:47 - 2014-01-02 11:47 - 00035862 _____ C:\ComboFix.txt
2014-01-02 11:47 - 2014-01-02 11:28 - 00000000 ____D C:\Qoobox
2014-01-02 11:45 - 2014-01-02 11:27 - 00000000 ____D C:\Windows\erdnt
2014-01-02 11:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 11:26 - 2014-01-02 11:26 - 05160282 _____ (Swearware) C:\Users\Augustus Mobile\Downloads\ComboFix (1).exe
2014-01-02 11:25 - 2014-01-02 11:25 - 05160282 ____R (Swearware) C:\Users\Augustus Mobile\Desktop\ComboFix.exe
2014-01-02 09:25 - 2014-01-02 09:24 - 00527592 _____ C:\Windows\Minidump\010214-38735-01.dmp
2014-01-02 09:24 - 2014-01-02 09:24 - 772273299 _____ C:\Windows\MEMORY.DMP
2014-01-02 09:24 - 2014-01-02 09:24 - 00000000 ____D C:\Windows\Minidump
2014-01-01 22:46 - 2014-01-01 22:46 - 00005109 _____ C:\Users\Augustus Mobile\Downloads\gmer.log
2014-01-01 22:26 - 2014-01-01 22:26 - 00377856 _____ C:\Users\Augustus Mobile\Downloads\gmer_2.1.19163.exe
2014-01-01 22:17 - 2014-01-01 22:16 - 00042844 _____ C:\Users\Augustus Mobile\Downloads\Addition.txt
2014-01-01 22:15 - 2013-12-22 00:12 - 00155648 ___SH C:\Users\Augustus Mobile\Desktop\Thumbs.db
2014-01-01 22:13 - 2014-01-01 22:13 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2014_ 1_ 1.csv
2014-01-01 22:13 - 2013-01-13 09:32 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\SoftGrid Client
2014-01-01 22:01 - 2014-01-01 22:01 - 00000492 _____ C:\Users\Augustus Mobile\Downloads\defogger_disable.log
2014-01-01 22:01 - 2014-01-01 22:01 - 00000000 _____ C:\Users\Augustus Mobile\defogger_reenable
2014-01-01 22:01 - 2012-01-31 10:27 - 00000000 ____D C:\Users\Augustus Mobile
2014-01-01 22:00 - 2014-01-01 22:00 - 00050477 _____ C:\Users\Augustus Mobile\Downloads\Defogger.exe
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\ProgramData\Oracle
2013-12-31 17:40 - 2013-12-31 17:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-31 17:40 - 2013-12-31 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-31 17:40 - 2013-12-31 17:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-31 17:37 - 2013-12-31 17:37 - 00915368 _____ (Oracle Corporation) C:\Users\Augustus Mobile\Downloads\chromeinstall-7u45.exe
2013-12-31 00:24 - 2012-06-08 23:50 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\dvdcss
2013-12-29 20:21 - 2013-12-29 20:21 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_29.csv
2013-12-26 13:25 - 2013-12-26 13:25 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_26.csv
2013-12-25 00:22 - 2013-06-21 10:15 - 00343552 ___SH C:\Users\Augustus Mobile\Downloads\Thumbs.db
2013-12-25 00:20 - 2013-12-25 00:20 - 05183143 _____ (Kigosoft Inc.                                              ) C:\Users\Augustus Mobile\Downloads\PhotoCardMaker.exe
2013-12-22 22:49 - 2013-12-22 22:49 - 01094246 _____ C:\Users\Augustus Mobile\Downloads\libera esportazione augustus 22 dicembre.bmp
2013-12-22 20:18 - 2013-12-22 20:18 - 00020351 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_22.csv
2013-12-21 00:29 - 2013-02-11 15:33 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\Microsoft Help
2013-12-19 07:23 - 2013-12-19 07:23 - 00020318 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_19.csv
2013-12-18 23:49 - 2013-12-18 23:49 - 00016386 _____ C:\Windows\SysWOW64\sibcs207.dll
2013-12-18 23:49 - 2013-12-18 23:49 - 00003248 _____ C:\Windows\System32\Tasks\{2497518A-D03B-45DB-AFCC-057807A54C5F}
2013-12-18 23:49 - 2012-01-31 15:49 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Local\CrashDumps
2013-12-18 23:48 - 2013-12-18 23:48 - 00001106 _____ C:\Users\Augustus Mobile\Desktop\BusinessCard Software Demo.lnk
2013-12-18 23:48 - 2013-12-18 23:48 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Sigel
2013-12-18 23:48 - 2013-12-18 23:22 - 00000000 ____D C:\Users\Augustus Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2013-12-18 23:48 - 2013-12-18 23:22 - 00000000 ____D C:\Program Files (x86)\Sigel
2013-12-18 23:47 - 2013-12-18 23:47 - 09895012 _____ C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo.zip
2013-12-18 23:47 - 2013-12-18 23:47 - 00000000 ____D C:\Users\Augustus Mobile\Downloads\Sigel_BusinessCard_Demo
2013-12-18 23:22 - 2013-12-18 23:22 - 00001151 _____ C:\Users\Augustus Mobile\Desktop\Visitenkarten In 2 Minuten.lnk
2013-12-18 23:21 - 2013-12-18 23:21 - 03714404 _____ C:\Users\Augustus Mobile\Downloads\Sigel_Visitenkarten_In_2_Minuten.zip
2013-12-17 18:48 - 2013-12-17 18:42 - 499830816 _____ C:\Users\Augustus Mobile\Downloads\kptg-monat1.zip
2013-12-15 21:19 - 2013-12-15 21:19 - 00020425 _____ C:\Users\Augustus Mobile\Documents\AUGUSTUSMOBILE_Augustus Mobile_2013_12_15.csv
2013-12-12 17:15 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 03:24 - 2009-07-14 05:45 - 00444288 _____ C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Augustus Mobile\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Augustus Mobile\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-03 10:33

==================== End Of Log ============================
--- --- ---


Vielen Dank und Grüsse

schrauber 11.01.2014 15:28
Firefox updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fertig :)

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun :)


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131