Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: SaveSenseLive - Trend Micro brachte Bedrohung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 10.09.2014, 20:54   #1
Tormann16
 
SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



Hallo, mein "Trend Micro Titanium Internet Security" Schutz hat Alarm geschlagen und SaveSenseLive als Bedrohung aufgeführt.

Leider habe ich nur noch die Meldung der Internet-Bedrohung.

Website-Adresse: hxxp://www.411-spyware.com/de/savesense-entfernen
Bewertung: Gefährliche Seite (49)
Maßnahme: Gesperrt
Entdeckt von: Web Reputation

Habe diesen Ordner auf dem Rechner unter:
C:\Program Files (x86)\SaveSenseLive

Rechner:
Windows 7 Professional
64 Bit Betriebssystem

Könntet Ihr mir bitte helfen, den Schädling wieder los zu werden?

Grüße tormann16

Alt 10.09.2014, 20:56   #2
schrauber
/// the machine
/// TB-Ausbilder
 

SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 10.09.2014, 20:58   #3
Tormann16
 
SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



Zitat:
Zitat von schrauber Beitrag anzeigen
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Jens Sautter (administrator) on JENSSAUTTER-PC on 10-09-2014 21:40:38
Running from C:\Users\Jens Sautter\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dell) C:\Users\Jens Sautter\AppData\Local\Apps\2.0\NL3HVCE4.MG6\GNPRBXRG.3LD\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [Hercules DJ Series] => C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [3413912 2012-11-26] (Hercules®)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [GoogleChromeAutoLaunch_53B3C4CC59B8616E962F22306390EABF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [DellSystemDetect] => C:\Users\Jens Sautter\AppData\Local\Apps\2.0\NL3HVCE4.MG6\GNPRBXRG.3LD\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-18] (Dell)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\MountPoints2: {27920a48-7e07-11e3-b791-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\MountPoints2: {9b9e3322-c958-11e3-9d55-642737dab57a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
Startup: C:\Users\Jens Sautter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WSCHandler.exe (Trend Micro Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: MediaPlayer+ -> {11111111-1111-1111-1111-110511801124} -> C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-bho64.dll No File
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MediaPlayer+ -> {11111111-1111-1111-1111-110511801124} -> C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-bho.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-22]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-26]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> 73AB56B8BABEDAAB60294DC34F9922BCC146A85B165273E51C00413AF202CBDC
CHR DefaultSearchURL: Default -> 3774FCD06BB141B0A4CA5367E01C1CC739DA48EAD43CAE188422AAB9FC20D3F2
CHR Profile: C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (Google Kalender) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-06]
CHR Extension: (Google Maps) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-21]
CHR Extension: (Pic and Click San Francisco) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpmjmcgjoidcjgdfmeaajknmjcecdii [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Google Mail) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
CHR Profile: C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (MediaPlayer+) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dejnaecmjmpnajcpbhkelomfdnjdfgfe [2014-05-26]
CHR Extension: (Wall E) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcemheplgccbimaplmppfdofjghnpmmn [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Google Mail) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [18944 2012-09-06] (Hercules®) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-12] (Synaptics Incorporated)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 NewPlayerUpdaterService; "C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [238960 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [306032 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2013-11-06] (Intel(R) Corporation) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 21:40 - 2014-09-10 21:42 - 00023094 _____ () C:\Users\Jens Sautter\Downloads\FRST.txt
2014-09-10 21:40 - 2014-09-10 21:40 - 00000000 ____D () C:\FRST
2014-09-10 21:36 - 2014-09-10 21:37 - 02105856 _____ (Farbar) C:\Users\Jens Sautter\Downloads\FRST64.exe
2014-09-10 15:10 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:10 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 15:10 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:10 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:10 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:10 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 15:10 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:10 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:10 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:10 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:10 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:10 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:10 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 15:10 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:10 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:10 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:10 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:10 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:10 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:10 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 15:10 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:10 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:10 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 15:10 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:10 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 15:10 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:10 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:10 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 15:10 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:10 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:10 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 15:10 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 15:10 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:10 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 15:10 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 15:10 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 15:10 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 15:10 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:10 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:10 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:10 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:10 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:10 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 15:10 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 15:10 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 15:10 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:10 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 15:10 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:10 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 15:10 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 15:10 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 15:10 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:10 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 15:10 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 15:10 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 15:10 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 15:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 15:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 14:36 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:36 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:36 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:35 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:35 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:35 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:35 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:35 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:53 - 2014-09-10 10:55 - 48876453 _____ () C:\Users\Jens Sautter\Downloads\sk-savg.rar
2014-09-10 08:14 - 2014-09-10 21:04 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-09-08 19:39 - 2014-09-08 19:41 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Hochzeit Bettina und Simon
2014-08-31 16:18 - 2014-08-31 16:18 - 00001147 _____ () C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2014-08-31 16:18 - 2014-08-31 16:18 - 00001122 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-28 12:57 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:57 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:57 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:51 - 2014-08-20 21:51 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\OpenCandy
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-20 21:50 - 2014-08-20 21:51 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\DVDVideoSoft
2014-08-20 06:33 - 2014-08-20 06:34 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Telefon
2014-08-13 06:46 - 2014-08-13 06:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-12 21:17 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 21:17 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 21:17 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 21:17 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 21:17 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 21:17 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 21:16 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 21:16 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 21:14 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 21:14 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 21:14 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 21:14 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 21:14 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 21:14 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 21:14 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 21:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 21:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 21:13 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 21:13 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 21:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 21:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 21:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 21:10 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 21:10 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 21:42 - 2014-09-10 21:40 - 00023094 _____ () C:\Users\Jens Sautter\Downloads\FRST.txt
2014-09-10 21:40 - 2014-09-10 21:40 - 00000000 ____D () C:\FRST
2014-09-10 21:37 - 2014-09-10 21:36 - 02105856 _____ (Farbar) C:\Users\Jens Sautter\Downloads\FRST64.exe
2014-09-10 21:36 - 2014-01-15 19:08 - 01899443 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 21:16 - 2014-01-25 00:16 - 00000308 _____ () C:\Windows\Tasks\FoxTab.job
2014-09-10 21:09 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 21:09 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 21:06 - 2014-06-21 16:51 - 00000000 ___RD () C:\Users\Jens Sautter\Google Drive
2014-09-10 21:05 - 2014-01-17 20:13 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 21:04 - 2014-09-10 08:14 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-09-10 21:04 - 2014-05-31 11:48 - 00011738 _____ () C:\Windows\setupact.log
2014-09-10 21:04 - 2014-05-26 22:46 - 00001538 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-5.job
2014-09-10 21:04 - 2014-05-26 22:46 - 00001440 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-2.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00003806 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-3.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00002248 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-4.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00001456 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-6.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00001454 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-1.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00001390 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-7.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00000916 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-10 21:04 - 2014-05-26 21:38 - 00000000 ____D () C:\ProgramData\Validity
2014-09-10 21:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 15:09 - 2014-01-18 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:08 - 2014-01-22 23:12 - 01622184 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 15:08 - 2014-01-18 19:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 15:08 - 2014-01-16 04:03 - 00710154 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 15:08 - 2014-01-16 04:03 - 00152750 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 15:08 - 2009-07-14 07:13 - 01622184 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 15:02 - 2014-01-18 19:33 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:46 - 2014-01-17 20:13 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 10:55 - 2014-09-10 10:53 - 48876453 _____ () C:\Users\Jens Sautter\Downloads\sk-savg.rar
2014-09-08 19:41 - 2014-09-08 19:39 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Hochzeit Bettina und Simon
2014-09-06 10:56 - 2014-03-14 16:38 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Briefe
2014-09-02 18:08 - 2014-02-18 09:04 - 00000000 ____D () C:\Users\Jens Sautter\Citrix
2014-09-02 11:22 - 2014-03-04 22:08 - 00000592 _____ () C:\Windows\wiso.ini
2014-09-02 11:22 - 2014-03-04 22:02 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-02 11:21 - 2014-03-04 22:03 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-08-31 21:48 - 2014-01-24 10:38 - 00000000 ____D () C:\ProgramData\tmp
2014-08-31 16:18 - 2014-08-31 16:18 - 00001147 _____ () C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2014-08-31 16:18 - 2014-08-31 16:18 - 00001122 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-31 15:22 - 2014-04-30 19:25 - 00000000 ____D () C:\Users\Jens Sautter\Documents\DJUCED 18
2014-08-29 03:17 - 2009-07-14 06:45 - 00370480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 21:23 - 2014-01-19 21:09 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\Adobe
2014-08-27 11:39 - 2014-01-20 23:13 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Betriebswirt
2014-08-26 06:30 - 2014-05-20 18:09 - 00000000 ___RD () C:\Users\Jens Sautter\Dropbox
2014-08-24 18:13 - 2014-05-20 17:39 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 18:13 - 2014-05-20 17:38 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\Dropbox
2014-08-23 04:07 - 2014-08-28 12:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 12:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 12:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 14:49 - 2014-06-21 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-21 09:24 - 2014-06-01 17:27 - 00921570 _____ () C:\Windows\PFRO.log
2014-08-21 09:24 - 2014-03-28 12:01 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-08-20 21:51 - 2014-08-20 21:51 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\OpenCandy
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-20 21:51 - 2014-08-20 21:50 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\DVDVideoSoft
2014-08-20 21:34 - 2014-03-28 12:01 - 00001905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-08-20 06:34 - 2014-08-20 06:33 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Telefon
2014-08-19 20:05 - 2014-09-10 15:10 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 15:10 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 15:10 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 15:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 15:10 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 15:10 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 15:10 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 15:10 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 15:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 15:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 15:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 15:10 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 15:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 15:10 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 15:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 15:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 15:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 15:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 15:10 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 15:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 15:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 15:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 15:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 15:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 15:10 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 15:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 15:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 15:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 15:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 15:10 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 15:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 15:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 15:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 15:10 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 15:10 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 15:10 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 15:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 15:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 15:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 15:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 15:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 15:10 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 15:10 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 15:10 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 15:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 15:10 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 15:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 15:10 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 15:10 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 15:10 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 15:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 15:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 06:50 - 2014-02-18 09:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 06:46 - 2014-08-13 06:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-12 23:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-12 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Jens Sautter\AppData\Local\Temp\61014uninstall.exe
C:\Users\Jens Sautter\AppData\Local\Temp\92592uninstall.exe
C:\Users\Jens Sautter\AppData\Local\Temp\96833uninstall.exe
C:\Users\Jens Sautter\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jens Sautter\AppData\Local\Temp\djuced.exe
C:\Users\Jens Sautter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvrn7t0.dll
C:\Users\Jens Sautter\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\lly_webssearches.exe
C:\Users\Jens Sautter\AppData\Local\Temp\media.exe
C:\Users\Jens Sautter\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\Jens Sautter\AppData\Local\Temp\ose00000.exe
C:\Users\Jens Sautter\AppData\Local\Temp\setup.exe
C:\Users\Jens Sautter\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jens Sautter\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Jens Sautter\AppData\Local\Temp\_is79E.exe
C:\Users\Jens Sautter\AppData\Local\Temp\_is8F73.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 12:16

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 10.09.2014, 20:58   #4
Tormann16
 
SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



Zitat:
Zitat von Tormann16 Beitrag anzeigen
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Jens Sautter (administrator) on JENSSAUTTER-PC on 10-09-2014 21:40:38
Running from C:\Users\Jens Sautter\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dell) C:\Users\Jens Sautter\AppData\Local\Apps\2.0\NL3HVCE4.MG6\GNPRBXRG.3LD\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [Hercules DJ Series] => C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [3413912 2012-11-26] (Hercules®)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [GoogleChromeAutoLaunch_53B3C4CC59B8616E962F22306390EABF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Run: [DellSystemDetect] => C:\Users\Jens Sautter\AppData\Local\Apps\2.0\NL3HVCE4.MG6\GNPRBXRG.3LD\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-18] (Dell)
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\MountPoints2: {27920a48-7e07-11e3-b791-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1120836754-3475043211-1147216431-1000\...\MountPoints2: {9b9e3322-c958-11e3-9d55-642737dab57a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
Startup: C:\Users\Jens Sautter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WSCHandler.exe (Trend Micro Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: MediaPlayer+ -> {11111111-1111-1111-1111-110511801124} -> C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-bho64.dll No File
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MediaPlayer+ -> {11111111-1111-1111-1111-110511801124} -> C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-bho.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-20]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-22]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-26]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> 73AB56B8BABEDAAB60294DC34F9922BCC146A85B165273E51C00413AF202CBDC
CHR DefaultSearchURL: Default -> 3774FCD06BB141B0A4CA5367E01C1CC739DA48EAD43CAE188422AAB9FC20D3F2
CHR Profile: C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (Google Kalender) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-06]
CHR Extension: (Google Maps) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-21]
CHR Extension: (Pic and Click San Francisco) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpmjmcgjoidcjgdfmeaajknmjcecdii [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Google Mail) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
CHR Profile: C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (MediaPlayer+) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dejnaecmjmpnajcpbhkelomfdnjdfgfe [2014-05-26]
CHR Extension: (Wall E) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcemheplgccbimaplmppfdofjghnpmmn [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Google Mail) - C:\Users\Jens Sautter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [18944 2012-09-06] (Hercules®) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-12] (Synaptics Incorporated)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 NewPlayerUpdaterService; "C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [238960 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [306032 2012-10-30] (© Guillemot R&D, 2012. All rights reserved.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2013-11-06] (Intel(R) Corporation) [File not signed]
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 21:40 - 2014-09-10 21:42 - 00023094 _____ () C:\Users\Jens Sautter\Downloads\FRST.txt
2014-09-10 21:40 - 2014-09-10 21:40 - 00000000 ____D () C:\FRST
2014-09-10 21:36 - 2014-09-10 21:37 - 02105856 _____ (Farbar) C:\Users\Jens Sautter\Downloads\FRST64.exe
2014-09-10 15:10 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:10 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 15:10 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:10 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:10 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:10 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 15:10 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:10 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:10 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:10 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:10 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:10 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:10 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 15:10 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:10 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:10 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:10 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:10 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:10 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:10 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 15:10 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:10 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:10 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 15:10 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:10 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 15:10 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:10 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:10 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 15:10 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:10 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:10 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 15:10 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 15:10 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:10 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 15:10 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 15:10 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 15:10 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 15:10 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:10 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:10 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:10 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:10 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:10 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 15:10 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 15:10 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 15:10 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:10 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 15:10 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:10 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 15:10 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 15:10 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 15:10 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:10 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 15:10 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 15:10 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 15:10 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 15:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 15:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 14:36 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:36 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:36 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:35 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:35 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:35 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:35 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:35 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:53 - 2014-09-10 10:55 - 48876453 _____ () C:\Users\Jens Sautter\Downloads\sk-savg.rar
2014-09-10 08:14 - 2014-09-10 21:04 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-09-08 19:39 - 2014-09-08 19:41 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Hochzeit Bettina und Simon
2014-08-31 16:18 - 2014-08-31 16:18 - 00001147 _____ () C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2014-08-31 16:18 - 2014-08-31 16:18 - 00001122 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-28 12:57 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:57 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:57 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:51 - 2014-08-20 21:51 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\OpenCandy
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-20 21:50 - 2014-08-20 21:51 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\DVDVideoSoft
2014-08-20 06:33 - 2014-08-20 06:34 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Telefon
2014-08-13 06:46 - 2014-08-13 06:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-12 21:17 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 21:17 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 21:17 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 21:17 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 21:17 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 21:17 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 21:16 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 21:16 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 21:14 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 21:14 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 21:14 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 21:14 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 21:14 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 21:14 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 21:14 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 21:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 21:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 21:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 21:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 21:13 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 21:13 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 21:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 21:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 21:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 21:10 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 21:10 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 21:42 - 2014-09-10 21:40 - 00023094 _____ () C:\Users\Jens Sautter\Downloads\FRST.txt
2014-09-10 21:40 - 2014-09-10 21:40 - 00000000 ____D () C:\FRST
2014-09-10 21:37 - 2014-09-10 21:36 - 02105856 _____ (Farbar) C:\Users\Jens Sautter\Downloads\FRST64.exe
2014-09-10 21:36 - 2014-01-15 19:08 - 01899443 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 21:16 - 2014-01-25 00:16 - 00000308 _____ () C:\Windows\Tasks\FoxTab.job
2014-09-10 21:09 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 21:09 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 21:06 - 2014-06-21 16:51 - 00000000 ___RD () C:\Users\Jens Sautter\Google Drive
2014-09-10 21:05 - 2014-01-17 20:13 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 21:04 - 2014-09-10 08:14 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-09-10 21:04 - 2014-05-31 11:48 - 00011738 _____ () C:\Windows\setupact.log
2014-09-10 21:04 - 2014-05-26 22:46 - 00001538 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-5.job
2014-09-10 21:04 - 2014-05-26 22:46 - 00001440 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-2.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00003806 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-3.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00002248 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-4.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00001456 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-6.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00001454 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-1.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00001390 _____ () C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-7.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00000916 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-10 21:04 - 2014-05-26 22:45 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-10 21:04 - 2014-05-26 21:38 - 00000000 ____D () C:\ProgramData\Validity
2014-09-10 21:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 15:09 - 2014-01-18 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:08 - 2014-01-22 23:12 - 01622184 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 15:08 - 2014-01-18 19:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 15:08 - 2014-01-16 04:03 - 00710154 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 15:08 - 2014-01-16 04:03 - 00152750 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 15:08 - 2009-07-14 07:13 - 01622184 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 15:02 - 2014-01-18 19:33 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:46 - 2014-01-17 20:13 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 10:55 - 2014-09-10 10:53 - 48876453 _____ () C:\Users\Jens Sautter\Downloads\sk-savg.rar
2014-09-08 19:41 - 2014-09-08 19:39 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Hochzeit Bettina und Simon
2014-09-06 10:56 - 2014-03-14 16:38 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Briefe
2014-09-02 18:08 - 2014-02-18 09:04 - 00000000 ____D () C:\Users\Jens Sautter\Citrix
2014-09-02 11:22 - 2014-03-04 22:08 - 00000592 _____ () C:\Windows\wiso.ini
2014-09-02 11:22 - 2014-03-04 22:02 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-02 11:21 - 2014-03-04 22:03 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-08-31 21:48 - 2014-01-24 10:38 - 00000000 ____D () C:\ProgramData\tmp
2014-08-31 16:18 - 2014-08-31 16:18 - 00001147 _____ () C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2014-08-31 16:18 - 2014-08-31 16:18 - 00001122 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-31 15:22 - 2014-04-30 19:25 - 00000000 ____D () C:\Users\Jens Sautter\Documents\DJUCED 18
2014-08-29 03:17 - 2009-07-14 06:45 - 00370480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 21:23 - 2014-01-19 21:09 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\Adobe
2014-08-27 11:39 - 2014-01-20 23:13 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Betriebswirt
2014-08-26 06:30 - 2014-05-20 18:09 - 00000000 ___RD () C:\Users\Jens Sautter\Dropbox
2014-08-24 18:13 - 2014-05-20 17:39 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 18:13 - 2014-05-20 17:38 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\Dropbox
2014-08-23 04:07 - 2014-08-28 12:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 12:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 12:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 14:49 - 2014-06-21 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-21 09:24 - 2014-06-01 17:27 - 00921570 _____ () C:\Windows\PFRO.log
2014-08-21 09:24 - 2014-03-28 12:01 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-08-20 21:51 - 2014-08-20 21:51 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\OpenCandy
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-20 21:51 - 2014-08-20 21:51 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-20 21:51 - 2014-08-20 21:50 - 00000000 ____D () C:\Users\Jens Sautter\AppData\Roaming\DVDVideoSoft
2014-08-20 21:34 - 2014-03-28 12:01 - 00001905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-08-20 06:34 - 2014-08-20 06:33 - 00000000 ____D () C:\Users\Jens Sautter\Documents\Telefon
2014-08-19 20:05 - 2014-09-10 15:10 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 15:10 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 15:10 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 15:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 15:10 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 15:10 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 15:10 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 15:10 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 15:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 15:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 15:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 15:10 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 15:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 15:10 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 15:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 15:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 15:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 15:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 15:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 15:10 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 15:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 15:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 15:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 15:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 15:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 15:10 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 15:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 15:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 15:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 15:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 15:10 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 15:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 15:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 15:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 15:10 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 15:10 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 15:10 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 15:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 15:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 15:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 15:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 15:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 15:10 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 15:10 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 15:10 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 15:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 15:10 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 15:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 15:10 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 15:10 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 15:10 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 15:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 15:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 06:50 - 2014-02-18 09:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 06:46 - 2014-08-13 06:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-13 06:46 - 2014-08-13 06:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 06:46 - 2014-08-13 06:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-12 23:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-12 21:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Jens Sautter\AppData\Local\Temp\61014uninstall.exe
C:\Users\Jens Sautter\AppData\Local\Temp\92592uninstall.exe
C:\Users\Jens Sautter\AppData\Local\Temp\96833uninstall.exe
C:\Users\Jens Sautter\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jens Sautter\AppData\Local\Temp\djuced.exe
C:\Users\Jens Sautter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvrn7t0.dll
C:\Users\Jens Sautter\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jens Sautter\AppData\Local\Temp\lly_webssearches.exe
C:\Users\Jens Sautter\AppData\Local\Temp\media.exe
C:\Users\Jens Sautter\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\Jens Sautter\AppData\Local\Temp\ose00000.exe
C:\Users\Jens Sautter\AppData\Local\Temp\setup.exe
C:\Users\Jens Sautter\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jens Sautter\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Jens Sautter\AppData\Local\Temp\_is79E.exe
C:\Users\Jens Sautter\AppData\Local\Temp\_is8F73.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 12:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Jens Sautter at 2014-09-10 21:42:35
Running from C:\Users\Jens Sautter\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Internet Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Internet Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11105 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1105.2338.40591 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1105.2337.40591 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1105.2338.40591 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version:  - ) <==== ATTENTION
Contents (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dell Backup and Recovery Manager (HKLM-x32\...\{B7FB9195-E9FC-4316-930E-D799D5D712F7}) (Version: 1.3.1 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DJUCED 18° (HKLM-x32\...\{34F730A3-77BA-4741-A02A-D40762FEF274}) (Version: 1.0.91 - Guillemot)
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FLAC To MP3 V4.0.5 (HKLM-x32\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
Free Audio Converter version 5.0.45.806 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.45.806 - DVDVideoSoft Ltd.)
FreeFileSync 6.5 (HKLM-x32\...\FreeFileSync) (Version: 6.5 - Zenju)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 6.HDJS.2012 - Hercules)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
ICA (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Meine CEWE FOTOWELT (HKLM-x32\...\Meine CEWE FOTOWELT) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
SaveSense (HKCU\...\SaveSense) (Version: 6.4.0.0 - SaveSense) <==== ATTENTION
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share64 (Version: 16.0.0.106 - Corel Corporation) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Update for Codec Pack (HKCU\...\Digital Sites) (Version:  - Update for Codec Pack) <==== ATTENTION
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual DJ Pro Basic - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Basic - Atomix Productions) (Version:  - )
VirtualDJ PRO Basic (HKLM-x32\...\{16555F51-23FD-4405-96F3-285AA5FC3CFA}) (Version: 7.4.1 - Atomix Productions)
VSClassic (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSUltimate (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
WD Quick View (HKLM-x32\...\{9A265E7E-5602-44DB-8B4D-A25C58D02489}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{0CADB637-714E-4F47-83C7-F11FEFC930D6}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1120836754-3475043211-1147216431-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jens Sautter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-09-2014 10:06:32 Geplanter Prüfpunkt
10-09-2014 13:00:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {047E4550-991B-4279-8201-83D85473FDF5} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {052BD1DC-7BA6-43EF-B46D-B71029AC5100} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-5 => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-5.exe <==== ATTENTION
Task: {0628DE63-5B07-4596-BB98-6ABB5EA2B927} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-6 => C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-novainstaller.exe <==== ATTENTION
Task: {492A35D5-15F0-4FEF-B698-477FB74968D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4AB8E75C-E87C-4094-A62C-6F88DD4B4F24} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-3 => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-3.exe <==== ATTENTION
Task: {6E016B10-944A-4722-A1F4-7757405526CA} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-4 => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-4.exe <==== ATTENTION
Task: {94A56900-E1FE-4DC0-B558-5BFB5E8BF502} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-2 => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-2.exe <==== ATTENTION
Task: {AB3781E0-87F5-4A71-A8C9-EF34FFFAEBD9} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {BE78F1DF-B876-431E-9FCE-C8C9AE12A18B} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {CD9F57B1-3F0D-4A79-9FE6-B5613DB88FFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-17] (Google Inc.)
Task: {E1DC2960-C11C-4572-A1E9-E8A3BECA70B0} - System32\Tasks\FoxTab => C:\Users\JENSSA~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E511DF73-C9AE-4C66-BDF4-7669D3896722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-17] (Google Inc.)
Task: {F2263D6C-D59C-4176-B8BC-70A2A6B0C923} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-7 => C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-nova.exe <==== ATTENTION
Task: {F9C6D4C0-76B2-44FD-9726-9260680ED36A} - System32\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-1 => C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-1.job => C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-2.job => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-3.job => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-4.job => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-5.job => C:\Program Files (x86)\MediaPlayer+\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-6.job => C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-novainstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\d5fddb9b-73ad-4d2b-84bf-dac5fb77096a-7.job => C:\Program Files (x86)\MediaPlayer+\MediaPlayer+-nova.exe <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\JENSSA~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-22 21:26 - 2013-01-16 04:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-01-22 21:26 - 2013-04-02 06:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-01-22 21:26 - 2013-01-16 04:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-01-22 21:26 - 2012-12-18 22:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-01-22 21:26 - 2013-01-16 04:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-01-22 21:21 - 2013-07-23 17:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-01-22 21:42 - 2013-12-18 15:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2014-01-24 23:57 - 2010-10-01 10:48 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-01-17 19:49 - 2011-09-25 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-04 22:50 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 22:50 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2013-11-15 02:49 - 2013-11-15 02:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-10 21:05 - 2014-09-10 21:05 - 00098816 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32api.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00110080 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\pywintypes27.dll
2014-09-10 21:05 - 2014-09-10 21:05 - 00364544 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\pythoncom27.dll
2014-09-10 21:05 - 2014-09-10 21:05 - 00045568 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\_socket.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 01160704 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\_ssl.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00320512 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32com.shell.shell.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00713216 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\_hashlib.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 01175040 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._core_.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00805888 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._gdi_.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00811008 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._windows_.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 01062400 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._controls_.pyd
2014-09-10 21:04 - 2014-09-10 21:04 - 00735232 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._misc_.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00128512 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\_elementtree.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00127488 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\pyexpat.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00557056 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\pysqlite2._sqlite.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00007168 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\hashobjs_ext.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00087552 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\_ctypes.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00119808 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32file.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00108544 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32security.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00018432 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32event.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00038912 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32inet.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00070656 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._html2.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00167936 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32gui.pyd
2014-09-10 21:04 - 2014-09-10 21:04 - 00011264 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32crypt.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00027136 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\_multiprocessing.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00686080 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\unicodedata.pyd
2014-09-10 21:04 - 2014-09-10 21:04 - 00122368 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._wizard.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00010240 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\select.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00024064 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32pipe.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00025600 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32pdh.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00525640 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\windows._lib_cacheinvalidation.pyd
2014-09-10 21:04 - 2014-09-10 21:04 - 00035840 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32process.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00017408 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32profile.pyd
2014-09-10 21:05 - 2014-09-10 21:05 - 00022528 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\win32ts.pyd
2014-09-10 21:04 - 2014-09-10 21:04 - 00078336 _____ () C:\Users\Jens Sautter\AppData\Local\Temp\_MEI38122\wx._animate.pyd
2014-01-18 17:53 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-04 22:50 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 22:50 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 22:50 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-01-22 21:21 - 2013-07-23 17:28 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll
2014-01-22 21:21 - 2013-07-23 17:28 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 09:05:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 11:12:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24741

Error: (09/10/2014 11:12:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24741

Error: (09/10/2014 11:12:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 11:12:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (09/10/2014 11:12:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (09/10/2014 11:12:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 11:12:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5070

Error: (09/10/2014 11:12:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5070

Error: (09/10/2014 11:12:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/10/2014 09:11:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (09/10/2014 09:08:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (09/10/2014 09:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2014 09:05:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2014 09:05:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/10/2014 09:05:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/10/2014 09:04:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NewPlayer Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/10/2014 03:00:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/10/2014 08:19:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (09/10/2014 08:16:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/10/2014 09:05:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 11:12:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24741

Error: (09/10/2014 11:12:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24741

Error: (09/10/2014 11:12:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 11:12:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (09/10/2014 11:12:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (09/10/2014 11:12:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 11:12:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5070

Error: (09/10/2014 11:12:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5070

Error: (09/10/2014 11:12:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 4002.05 MB
Available physical RAM: 1643.1 MB
Total Pagefile: 8002.27 MB
Available Pagefile: 5165.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:285.33 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:5.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 43E6A7B5)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Alt 11.09.2014, 19:10   #5
schrauber
/// the machine
/// TB-Ausbilder
 

SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.09.2014, 21:45   #6
Tormann16
 
SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



Hallo Schrauber,

danke Dir für die ersten Maßnahmen.

Was mache ich, wenn mir keine Dateien mit Attention vom Revo Uninstaller angezeigt werden?

Alt 16.09.2014, 14:26   #7
schrauber
/// the machine
/// TB-Ausbilder
 

SaveSenseLive - Trend Micro brachte Bedrohung - Standard

SaveSenseLive - Trend Micro brachte Bedrohung



Du musst in die Addition.txt von FRST schauen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu SaveSenseLive - Trend Micro brachte Bedrohung
alarm, bedrohung, files, inter, interne, internet, internet security, meldung, micro, ordner, program, rechner, savesenselive, schutz, schädling, security, seite, trend, trend micro




Ähnliche Themen: SaveSenseLive - Trend Micro brachte Bedrohung


  1. Trend Micro kauft Tipping Point
    Nachrichten - 21.10.2015 (0)
  2. Trend Micro Mobile Security & Antivirus
    Smartphone, Tablet & Handy Security - 10.10.2013 (0)
  3. TREND MICRO Office Scan meldet Bedrohungen
    Plagegeister aller Art und deren Bekämpfung - 07.10.2013 (23)
  4. Trend Micro öffnet nicht
    Log-Analyse und Auswertung - 09.06.2013 (10)
  5. Trend Micro findet JAVA_BLACOLE.SMO
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (16)
  6. SQL Injection bei Trend Micro Control Manager
    Nachrichten - 01.10.2012 (0)
  7. [2x] Logfile of Trend Micro HijackThis v2.0.2
    Mülltonne - 12.02.2012 (1)
  8. Trend Micro Internet Security 2008
    Antiviren-, Firewall- und andere Schutzprogramme - 23.01.2012 (42)
  9. Trend Micro - Hijack This -Log Files
    Log-Analyse und Auswertung - 14.01.2011 (1)
  10. Erfahrung mit Trend Micro Internet Security?
    Antiviren-, Firewall- und andere Schutzprogramme - 11.10.2009 (4)
  11. Problem mit Trend Micro Internet Security 2009
    Antiviren-, Firewall- und andere Schutzprogramme - 04.03.2009 (0)
  12. Erfahrungen mit Trend Micro IS 2009
    Antiviren-, Firewall- und andere Schutzprogramme - 17.11.2008 (1)
  13. NetWorm-i.Virus@fp_Logfile of Trend Micro HijackThis
    Log-Analyse und Auswertung - 03.05.2008 (1)
  14. Warnung vor angeblichem Antispywareprogramm von Trend Micro!
    Plagegeister aller Art und deren Bekämpfung - 05.09.2007 (0)
  15. Info: Trend Micro HijackThis 2.00 Beta
    Antiviren-, Firewall- und andere Schutzprogramme - 12.03.2007 (1)
  16. Trend Micro
    Antiviren-, Firewall- und andere Schutzprogramme - 03.06.2003 (27)
  17. trend micro
    Antiviren-, Firewall- und andere Schutzprogramme - 30.03.2003 (6)

Zum Thema SaveSenseLive - Trend Micro brachte Bedrohung - Hallo, mein "Trend Micro Titanium Internet Security" Schutz hat Alarm geschlagen und SaveSenseLive als Bedrohung aufgeführt. Leider habe ich nur noch die Meldung der Internet-Bedrohung. Website-Adresse: hxxp://www.411-spyware.com/de/savesense-entfernen Bewertung: Gefährliche Seite - SaveSenseLive - Trend Micro brachte Bedrohung...
Archiv
Du betrachtest: SaveSenseLive - Trend Micro brachte Bedrohung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.