Guten Tag,

in den letzten Tagen häufen sich Trojaner Meldungen von Mc Afee. Ich kann in Mc Afee nicht einsehen, wo sich der Fundort dieser befindet. Es sind dll Dateien. Ich benötige hierfür eine weitere Hilfe. Ich führte eure Anweisungen für Hilfesuchende aus.
GMER kann ich nicht ausführen. Es erscheint dies hier: "C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Programm verwendet wird.""

Ebenso wurde mir bei FRST keine Addition.txt ausgegeben.

Danke im voraus für eure Zeit.

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Jennifer (administrator) on MIETZIROCKZ on 12-09-2014 15:31:21
Running from C:\Users\Jennifer\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\Jennifer\AppData\Roaming\HTThread\hb.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Schomäcker GmbH) C:\Program Files (x86)\Q Pilot - Client\Service\QPilot-Client-Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Schomäcker GmbH) C:\Program Files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
() C:\Users\Jennifer\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
() C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QPilotClientGUI] => C:\Program Files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe [32194048 2012-07-16] (Schomäcker GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1448665676-453751460-3676031160-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Jennifer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Run: [Google Update] => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-16] (Google Inc.)
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [467680 2014-07-30] (Sony)
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\MountPoints2: {57799c1d-bbf1-11e3-8250-54bef705b90a} - "D:\Startme.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224728 2014-09-02] (Client Connect LTD)
AppInit_DLLs:  C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181720 2014-09-02] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1410214106&from=cor&uid=TOSHIBAXMQ01ABD075_63AJFLX3SXX63AJFLX3S&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1410214106&from=cor&uid=TOSHIBAXMQ01ABD075_63AJFLX3SXX63AJFLX3S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1410214106&from=cor&uid=TOSHIBAXMQ01ABD075_63AJFLX3SXX63AJFLX3S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1410214106&from=cor&uid=TOSHIBAXMQ01ABD075_63AJFLX3SXX63AJFLX3S&q={searchTerms}
SearchScopes: HKLM - {B290E1C1-786D-4A54-B201-42524BE44F8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {9F6A4239-DCD2-465A-8479-0A17A90E8523} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: SmarterPower -> {bd7c9b62-a7d9-4405-be51-7fd633f08791} -> C:\Program Files (x86)\SmarterPower\SmarterPowerbho.dll (SmarterPower)
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Jennifer\AppData\LocalLow\IE-BHO\bho.dll ()
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\4b01311n.default-1410264320319
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Jennifer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-03-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Jennifer\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-02-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2998232 2014-09-02] (Client Connect LTD)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTService; C:\Users\Jennifer\AppData\Roaming\HTThread\hb.exe [628736 2014-08-28] () [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-09] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QPilotClientService; C:\Program Files (x86)\Q Pilot - Client\Service\QPilot-Client-Service.exe [29488640 2012-07-16] (Schomäcker GmbH) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R2 Update SmarterPower; C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe [323320 2014-09-12] ()
R2 Util SmarterPower; C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe [323320 2014-09-12] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-09] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R1 {5eeb83d0-96ea-4249-942c-beead6847053}Gw64; C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys [61080 2014-09-08] (StdLib)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
U3 kxryyaow; \??\C:\Users\Jennifer\AppData\Local\Temp\kxryyaow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 15:20 - 2014-09-12 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-12 15:19 - 2014-09-12 15:19 - 00000000 _____ () C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2014-09-12 15:17 - 2014-09-12 15:31 - 00026793 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2014-09-12 15:16 - 2014-09-12 15:16 - 00000478 _____ () C:\Users\Jennifer\Desktop\defogger_disable.log
2014-09-12 15:16 - 2014-09-12 15:16 - 00000000 _____ () C:\Users\Jennifer\defogger_reenable
2014-09-12 15:07 - 2014-09-12 15:07 - 00000000 ____D () C:\Users\Jennifer\.appwork
2014-09-12 14:54 - 2014-09-12 14:54 - 00000478 _____ () C:\Users\Jennifer\Downloads\defogger_disable.log
2014-09-12 14:47 - 2014-09-12 14:47 - 00380416 _____ () C:\Users\Jennifer\Downloads\oko0c7h8.exe
2014-09-12 14:30 - 2014-09-12 15:31 - 00000000 ____D () C:\FRST
2014-09-12 14:26 - 2014-09-12 14:26 - 00380416 _____ () C:\Users\Jennifer\Desktop\Gmer-19357.exe
2014-09-12 14:25 - 2014-09-12 14:26 - 02105856 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2014-09-12 14:25 - 2014-09-12 14:25 - 00050477 _____ () C:\Users\Jennifer\Desktop\Defogger.exe
2014-09-12 09:34 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-12 09:34 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-12 09:34 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-12 08:20 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 13:19 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 13:19 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 13:19 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 13:19 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 13:19 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 13:19 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 13:19 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 13:19 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 13:19 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 13:19 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:19 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 13:19 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 13:19 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 13:19 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 13:19 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 13:19 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 13:19 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 13:19 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 13:19 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 13:19 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 13:19 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 13:19 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 13:19 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 13:19 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 13:19 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 13:19 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 13:19 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 13:19 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 13:19 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 13:19 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 13:19 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 13:19 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 13:19 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 13:19 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 13:19 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 13:19 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 13:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 13:19 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 13:19 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 13:19 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 13:19 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 13:19 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 13:19 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 13:19 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 13:19 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 13:19 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 13:19 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 13:19 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 13:19 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 13:19 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 13:19 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 11:16 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 11:16 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 14:27 - 2014-09-10 14:34 - 00000000 ____D () C:\Users\Jennifer\Desktop\Dan Brown
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Jennifer\Desktop\Alte Firefox-Daten
2014-09-09 00:33 - 2014-09-08 13:23 - 00061080 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
2014-09-09 00:09 - 2014-09-09 00:09 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-09 00:08 - 2014-09-12 15:11 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-09 00:08 - 2014-09-12 15:11 - 00000000 ____D () C:\Program Files (x86)\SmarterPower
2014-09-09 00:08 - 2014-09-09 13:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\sweet-page
2014-09-09 00:08 - 2014-09-09 00:08 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-09 00:06 - 2014-09-10 12:49 - 00000000 ____D () C:\Users\Jennifer\Desktop\Kreativ
2014-09-09 00:05 - 2014-09-09 00:06 - 00000000 ____D () C:\Users\Jennifer\Desktop\Buch ASP
2014-09-08 23:28 - 2014-01-11 23:11 - 117329210 _____ () C:\Users\Jennifer\Desktop\X-Men 02 (Panini)(1997)RE.cbr
2014-09-08 23:25 - 2012-09-08 19:52 - 255017137 _____ () C:\Users\Jennifer\Desktop\Marvel Exklusiv (Panini) 07 - Spiderman - Verlorene Jahre.cbr
2014-09-08 23:23 - 2014-09-10 14:33 - 00000000 ____D () C:\Users\Jennifer\Desktop\Neuer Ordner
2014-09-08 19:09 - 2014-09-08 19:09 - 00006045 _____ () C:\Users\Jennifer\AppData\Local\recently-used.xbel
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Security Systems
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\HTThread
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDailyDiary
2014-09-07 01:08 - 2014-09-07 01:09 - 00000000 ____D () C:\Program Files (x86)\iDailyDiary
2014-09-07 01:07 - 2014-09-07 01:07 - 00367456 _____ () C:\Users\Jennifer\Desktop\SoftonicDownloader_fuer_idailydiary.exe
2014-09-05 22:03 - 2014-09-05 22:03 - 00685967 _____ () C:\Users\Jennifer\Documents\stundenplan.xcf
2014-08-28 12:23 - 2014-08-28 12:23 - 00000233 _____ () C:\Users\Jennifer\Desktop\Minecraft Wiki - Die offizielle Quelle für Informationen über Minecraft..URL
2014-08-28 12:17 - 2014-08-28 12:17 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-08-28 11:10 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 22:31 - 2014-08-27 22:31 - 00033628 _____ () C:\Users\Jennifer\Documents\Unbenannt.xcf
2014-08-27 11:35 - 2014-09-11 13:58 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\.minecraft
2014-08-27 11:34 - 2014-08-27 11:34 - 00675988 _____ () C:\Users\Jennifer\Desktop\Minecraft.exe
2014-08-24 19:14 - 2014-08-24 19:14 - 00000000 ____D () C:\Users\Jennifer\Daedalic
2014-08-24 17:31 - 2014-08-24 17:31 - 00002380 _____ () C:\Users\Public\Desktop\Edna Bricht Aus - Sammler Edition.lnk
2014-08-24 17:27 - 2014-08-24 17:27 - 00750488 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00660368 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00263560 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00000000 ____D () C:\Program Files\Java
2014-08-22 01:06 - 2014-08-22 01:06 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Daedalic Entertainment
2014-08-22 01:05 - 2014-08-24 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2014-08-22 01:00 - 2014-08-24 17:29 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-08-21 23:14 - 2014-08-21 23:17 - 61056873 _____ () C:\Users\Jennifer\Downloads\lego.7z
2014-08-21 23:13 - 2014-08-22 00:46 - 2261147555 _____ (Igor Pavlov + Paraglider) C:\Users\Jennifer\Downloads\harveysneweyes_win_1383805789.exe
2014-08-13 01:14 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 01:14 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 01:14 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 01:14 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 01:14 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 01:14 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 01:13 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 01:13 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 01:13 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 01:13 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 01:13 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 01:13 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 01:12 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 01:12 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 01:12 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 01:12 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 01:12 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 01:12 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 01:12 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 01:12 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 01:12 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 01:12 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 01:12 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 01:12 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 01:12 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 01:12 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 01:12 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 01:12 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 01:12 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 01:12 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 01:12 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 01:12 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 01:12 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 01:12 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 01:12 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 01:12 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 01:12 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 01:12 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 01:12 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 01:12 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 01:12 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 01:12 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 01:12 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 01:12 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 01:12 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 01:12 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 01:12 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 01:12 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 01:12 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 01:12 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 01:12 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 01:12 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 01:12 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 01:12 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 01:12 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 01:12 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 01:12 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 01:12 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 01:12 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 01:11 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 01:11 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 01:11 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 01:11 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 01:11 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 01:11 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 01:11 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 01:11 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 01:11 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 01:11 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 01:11 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 01:11 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 01:11 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-13 01:11 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 01:11 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 01:11 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 01:11 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 01:11 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 01:11 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 01:11 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 01:11 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 01:11 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 01:11 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 01:11 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 01:11 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 01:11 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 01:11 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 01:11 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 01:11 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 01:11 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 15:31 - 2014-09-12 15:17 - 00026793 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2014-09-12 15:31 - 2014-09-12 14:30 - 00000000 ____D () C:\FRST
2014-09-12 15:25 - 2013-08-27 19:55 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1448665676-453751460-3676031160-1002
2014-09-12 15:23 - 2014-04-04 19:01 - 00000000 ___RD () C:\Users\Jennifer\Dropbox
2014-09-12 15:23 - 2014-04-04 18:53 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Dropbox
2014-09-12 15:23 - 2012-07-26 07:26 - 00000226 _____ () C:\WINDOWS\win.ini
2014-09-12 15:22 - 2014-08-06 23:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF0681BB-C5AE-4CEC-87F9-9F1C9D00E4C3}
2014-09-12 15:22 - 2014-04-04 14:32 - 00000000 ___DO () C:\Users\Jennifer\SkyDrive
2014-09-12 15:20 - 2014-09-12 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-12 15:19 - 2014-09-12 15:19 - 00000000 _____ () C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2014-09-12 15:16 - 2014-09-12 15:16 - 00000478 _____ () C:\Users\Jennifer\Desktop\defogger_disable.log
2014-09-12 15:16 - 2014-09-12 15:16 - 00000000 _____ () C:\Users\Jennifer\defogger_reenable
2014-09-12 15:16 - 2014-04-04 13:56 - 00000000 ____D () C:\Users\Jennifer
2014-09-12 15:11 - 2014-09-09 00:08 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-12 15:11 - 2014-09-09 00:08 - 00000000 ____D () C:\Program Files (x86)\SmarterPower
2014-09-12 15:11 - 2013-11-14 00:18 - 00083266 _____ () C:\WINDOWS\PFRO.log
2014-09-12 15:11 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-12 15:11 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-12 15:09 - 2014-07-14 16:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-12 15:09 - 2014-04-04 13:48 - 01270428 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-12 15:07 - 2014-09-12 15:07 - 00000000 ____D () C:\Users\Jennifer\.appwork
2014-09-12 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-12 14:54 - 2014-09-12 14:54 - 00000478 _____ () C:\Users\Jennifer\Downloads\defogger_disable.log
2014-09-12 14:48 - 2013-09-16 21:12 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002UA.job
2014-09-12 14:47 - 2014-09-12 14:47 - 00380416 _____ () C:\Users\Jennifer\Downloads\oko0c7h8.exe
2014-09-12 14:44 - 2013-08-27 21:59 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-12 14:26 - 2014-09-12 14:26 - 00380416 _____ () C:\Users\Jennifer\Desktop\Gmer-19357.exe
2014-09-12 14:26 - 2014-09-12 14:25 - 02105856 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2014-09-12 14:25 - 2014-09-12 14:25 - 00050477 _____ () C:\Users\Jennifer\Desktop\Defogger.exe
2014-09-12 13:40 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-12 10:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-11 13:58 - 2014-08-27 11:35 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\.minecraft
2014-09-10 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-09-10 14:35 - 2013-10-18 23:19 - 00000000 ____D () C:\Users\Jennifer\Documents\Calibre-Bibliothek
2014-09-10 14:34 - 2014-09-10 14:27 - 00000000 ____D () C:\Users\Jennifer\Desktop\Dan Brown
2014-09-10 14:33 - 2014-09-08 23:23 - 00000000 ____D () C:\Users\Jennifer\Desktop\Neuer Ordner
2014-09-10 12:49 - 2014-09-09 00:06 - 00000000 ____D () C:\Users\Jennifer\Desktop\Kreativ
2014-09-10 12:49 - 2013-09-25 14:38 - 01809408 ___SH () C:\Users\Jennifer\Desktop\Thumbs.db
2014-09-10 12:17 - 2014-08-09 22:23 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Tor
2014-09-09 19:44 - 2013-08-27 21:59 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Jennifer\Desktop\Alte Firefox-Daten
2014-09-09 13:55 - 2014-09-09 00:08 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\sweet-page
2014-09-09 01:49 - 2013-10-18 23:18 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\calibre
2014-09-09 00:56 - 2013-08-27 19:47 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Packages
2014-09-09 00:09 - 2014-09-09 00:09 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-09 00:08 - 2014-09-09 00:08 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-09 00:08 - 2014-07-21 12:48 - 00000000 ____D () C:\Users\Jennifer\Desktop\erol
2014-09-09 00:06 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Jennifer\Desktop\Buch ASP
2014-09-08 22:47 - 2014-04-01 14:53 - 00000000 ____D () C:\Users\Jennifer\.gimp-2.8
2014-09-08 19:09 - 2014-09-08 19:09 - 00006045 _____ () C:\Users\Jennifer\AppData\Local\recently-used.xbel
2014-09-08 19:09 - 2014-04-01 14:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\gtk-2.0
2014-09-08 13:23 - 2014-09-09 00:33 - 00061080 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys
2014-09-08 04:05 - 2013-10-17 22:53 - 00083240 _____ () C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 04:01 - 2014-03-29 17:50 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-08 04:01 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Security Systems
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\HTThread
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDailyDiary
2014-09-07 01:09 - 2014-09-07 01:08 - 00000000 ____D () C:\Program Files (x86)\iDailyDiary
2014-09-07 01:07 - 2014-09-07 01:07 - 00367456 _____ () C:\Users\Jennifer\Desktop\SoftonicDownloader_fuer_idailydiary.exe
2014-09-05 22:03 - 2014-09-05 22:03 - 00685967 _____ () C:\Users\Jennifer\Documents\stundenplan.xcf
2014-09-05 04:36 - 2014-09-12 09:34 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-05 04:31 - 2014-09-12 09:34 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-05 02:48 - 2014-09-12 09:34 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-04 09:48 - 2013-09-16 21:12 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002Core.job
2014-09-04 09:44 - 2014-04-02 20:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 19:48 - 2013-08-22 16:44 - 00387816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 12:23 - 2014-08-28 12:23 - 00000233 _____ () C:\Users\Jennifer\Desktop\Minecraft Wiki - Die offizielle Quelle für Informationen über Minecraft..URL
2014-08-28 12:17 - 2014-08-28 12:17 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-08-28 12:17 - 2014-06-12 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-08-27 22:31 - 2014-08-27 22:31 - 00033628 _____ () C:\Users\Jennifer\Documents\Unbenannt.xcf
2014-08-27 13:04 - 2014-03-29 17:42 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-27 11:34 - 2014-08-27 11:34 - 00675988 _____ () C:\Users\Jennifer\Desktop\Minecraft.exe
2014-08-27 11:09 - 2013-08-22 16:46 - 00378267 _____ () C:\WINDOWS\setupact.log
2014-08-26 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-26 20:57 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-26 20:57 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-26 20:57 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-24 19:59 - 2013-07-18 06:32 - 00445288 _____ () C:\WINDOWS\DPINST.LOG
2014-08-24 19:58 - 2014-04-04 14:58 - 00002053 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-24 19:58 - 2014-04-04 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-24 19:57 - 2013-05-29 19:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-24 19:14 - 2014-08-24 19:14 - 00000000 ____D () C:\Users\Jennifer\Daedalic
2014-08-24 17:31 - 2014-08-24 17:31 - 00002380 _____ () C:\Users\Public\Desktop\Edna Bricht Aus - Sammler Edition.lnk
2014-08-24 17:31 - 2014-08-22 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2014-08-24 17:29 - 2014-08-22 01:00 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-08-24 17:27 - 2014-08-24 17:27 - 00750488 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00660368 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00263560 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00000000 ____D () C:\Program Files\Java
2014-08-23 02:42 - 2014-08-28 11:10 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-22 01:06 - 2014-08-22 01:06 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Daedalic Entertainment
2014-08-22 00:46 - 2014-08-21 23:13 - 2261147555 _____ (Igor Pavlov + Paraglider) C:\Users\Jennifer\Downloads\harveysneweyes_win_1383805789.exe
2014-08-21 23:17 - 2014-08-21 23:14 - 61056873 _____ () C:\Users\Jennifer\Downloads\lego.7z
2014-08-21 22:58 - 2014-04-04 19:01 - 00001091 _____ () C:\Users\Jennifer\Desktop\Dropbox.lnk
2014-08-21 22:58 - 2014-04-04 18:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-16 04:40 - 2014-09-11 13:19 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-16 04:04 - 2014-09-11 13:19 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-16 04:00 - 2014-09-11 13:19 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-16 04:00 - 2014-09-11 13:19 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-16 03:56 - 2014-09-11 13:19 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-16 03:54 - 2014-09-11 13:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-16 03:45 - 2014-09-11 13:19 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-16 03:43 - 2014-09-11 13:19 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-16 03:32 - 2014-09-11 13:19 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-16 03:25 - 2014-09-11 13:19 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-16 03:22 - 2014-09-11 13:19 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-16 03:20 - 2014-09-11 13:19 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-16 03:19 - 2014-09-11 13:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-16 03:18 - 2014-09-11 13:19 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-16 03:18 - 2014-09-11 13:19 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-16 03:11 - 2014-09-11 13:19 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-16 03:06 - 2014-09-11 13:19 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-16 03:05 - 2014-09-11 13:19 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-16 03:05 - 2014-09-11 13:19 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-16 03:03 - 2014-09-11 13:19 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-16 03:03 - 2014-09-11 13:19 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-16 02:58 - 2014-09-11 13:19 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 02:56 - 2014-09-11 13:19 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-16 02:53 - 2014-09-11 13:19 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-16 02:53 - 2014-09-11 13:19 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-16 02:53 - 2014-09-11 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-16 02:51 - 2014-09-11 13:19 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-16 02:45 - 2014-09-11 13:19 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-16 02:44 - 2014-09-11 13:19 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-16 02:44 - 2014-09-11 13:19 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-16 02:34 - 2014-09-11 13:19 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-16 02:20 - 2014-09-11 13:19 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-16 02:18 - 2014-09-11 13:19 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-16 02:14 - 2014-09-11 13:19 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-16 02:12 - 2014-09-11 13:19 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-14 00:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-13 18:26 - 2013-08-28 13:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 18:22 - 2013-08-28 13:11 - 99218768 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 01:10 - 2014-04-14 17:16 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-13 01:06 - 2014-06-12 00:32 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Jennifer\AppData\Local\Temp\13054687681234724428.exe
C:\Users\Jennifer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4ugcy.dll
C:\Users\Jennifer\AppData\Local\Temp\Fx6_FF_IE_Setup-Softonic.exe
C:\Users\Jennifer\AppData\Local\Temp\JDSetup130546876771251577.exe
C:\Users\Jennifer\AppData\Local\Temp\proxy_vole8170917200005694461.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-08 17:33

==================== End Of Log ============================
         

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

Danke.

Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Jennifer at 2014-09-12 15:47:32
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: -218103565.4759644.48.2147344384 - Audible, Inc.)
Bandizip (HKCU\...\Bandizip) (Version: 3.08 - Bandisoft.com)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
calibre (HKLM-x32\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Easy Real Converter V1.65 (HKLM-x32\...\Easy Real Converter_is1) (Version: 1.65 - Magicutils, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Harveys Neue Augen (HKLM-x32\...\Harvey) (Version: 2.0 - Daedalic Entertainment)
iDailyDiary 3.71 (HKLM-x32\...\iDailyDiary_is1) (Version:  - Splinterware Software Solutions)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NVIDIA Control Panel 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Q Pilot - Client (HKLM-x32\...\Q Pilot - Client 4.5.0.16606) (Version: 4.5.0.16606 - Schomäcker GmbH)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmarterPower (HKLM\...\SmarterPower) (Version: 2014.09.08.212623 - SmarterPower) <==== ATTENTION
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Tor (remove only) (HKLM-x32\...\Tor) (Version:  - )
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 3.00.342 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-08-2014 10:37:38 Windows Update
04-09-2014 21:36:51 Geplanter Prüfpunkt
11-09-2014 11:17:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04714594-5615-4862-9443-B5B10C66B178} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {053A2BE8-11E6-4D52-B021-2AFEC3E919A1} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {48D02C46-C4C2-4796-BFA3-9C4DECE0FD1A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D9B8B77-AF8B-44F8-976A-4A94507AA536} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002Core => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80F4C75D-1D43-44AE-9F21-299A8DAFD790} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {91B032E4-1D65-4A21-9750-3ED4503E781A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A104FB9B-ABDB-4E8D-8C56-67DA2B7353A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-13] (Microsoft Corporation)
Task: {ABB001FF-E089-47DC-902E-AC0089E10903} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CBC23AC5-654C-4DFA-ADB1-5F8F3772C42D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D02CD936-3E8F-4A61-84E6-5EFA643D5E44} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {D0DBF591-2CBD-47B0-BE6F-162F5EAAE125} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1448665676-453751460-3676031160-1002
Task: {D514A1A5-A44A-41E3-8819-93BB17305B95} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD80D03A-41C8-47BC-973D-62F5ADF8E358} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {DFFE31A5-78AF-4E17-8A55-ADA74D1D1440} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002UA => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FECF97D4-BB83-4240-B455-16A815D0DDD3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002Core.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002UA.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-23 12:33 - 2013-12-23 12:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-27 23:53 - 2013-03-27 23:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2014-06-25 13:27 - 2012-04-24 16:49 - 00015360 _____ () C:\WINDOWS\System32\KOAZXJ_L.dll
2013-05-09 18:49 - 2013-05-09 18:49 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-09-07 01:09 - 2014-08-28 09:16 - 00628736 _____ () C:\Users\Jennifer\AppData\Roaming\HTThread\hb.exe
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-04-04 14:58 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-09-12 14:25 - 2014-09-12 14:25 - 00050477 _____ () C:\Users\Jennifer\Desktop\Defogger.exe
2014-04-16 12:30 - 2014-04-16 12:30 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2013-08-22 09:19 - 2013-08-22 08:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2014-04-16 12:30 - 2014-04-16 12:30 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2014-09-09 00:32 - 2014-09-12 15:22 - 00323320 _____ () C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe
2014-09-08 23:28 - 2014-09-12 15:23 - 00323320 _____ () C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe
2014-09-07 01:09 - 2014-09-07 01:09 - 00374272 _____ () C:\Users\Jennifer\AppData\Roaming\HTThread\sub\default.dll
2014-06-25 13:26 - 2011-09-16 02:27 - 00020480 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\jetvm\jvm.dll
2014-06-25 13:26 - 2011-09-16 02:27 - 00069632 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\java.dll
2014-06-25 13:26 - 2012-06-16 02:00 - 00126976 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\zip.dll
2014-06-25 13:26 - 2011-09-16 02:26 - 00176128 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\jetrt\baseline760.dll
2013-07-18 06:23 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-04 14:58 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-04-04 14:58 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-04-04 14:58 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2014-04-04 14:58 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-03-06 15:42 - 2014-03-06 15:42 - 00528384 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-09-12 15:16 - 2014-09-12 15:16 - 00043008 _____ () c:\users\jennifer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4ugcy.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-13 16:22 - 2014-05-13 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-05-13 16:22 - 2014-05-13 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-06-04 20:54 - 2014-08-03 00:59 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jennifer\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Jennifer\Desktop\DSC_4503.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Jennifer\Desktop\DSC_4614.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Jennifer\Desktop\DSC_4656.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2014 03:21:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x16cc
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (09/12/2014 03:21:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1740
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (09/12/2014 02:47:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: oko0c7h8.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: oko0c7h8.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x2b94
Startzeit der fehlerhaften Anwendung: 0xoko0c7h8.exe0
Pfad der fehlerhaften Anwendung: oko0c7h8.exe1
Pfad des fehlerhaften Moduls: oko0c7h8.exe2
Berichtskennung: oko0c7h8.exe3
Vollständiger Name des fehlerhaften Pakets: oko0c7h8.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: oko0c7h8.exe5

Error: (09/12/2014 02:45:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x2914
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (09/12/2014 02:44:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x19c4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (09/12/2014 09:19:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/11/2014 00:59:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/10/2014 01:04:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/10/2014 01:04:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/09/2014 10:35:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 17.0.8.21, Zeitstempel: 0x52173eed
Name des fehlerhaften Moduls: SynTPEnh.exe, Version: 17.0.8.21, Zeitstempel: 0x52173eed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002d67
ID des fehlerhaften Prozesses: 0x1728
Startzeit der fehlerhaften Anwendung: 0xSynTPEnh.exe0
Pfad der fehlerhaften Anwendung: SynTPEnh.exe1
Pfad des fehlerhaften Moduls: SynTPEnh.exe2
Berichtskennung: SynTPEnh.exe3
Vollständiger Name des fehlerhaften Pakets: SynTPEnh.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SynTPEnh.exe5


System errors:
=============
Error: (09/12/2014 03:09:25 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {76DEF3AC-2910-4234-9EE2-C81B2D45833A}

Error: (09/12/2014 03:09:25 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {76DEF3AC-2910-4234-9EE2-C81B2D45833A}

Error: (09/12/2014 03:09:15 PM) (Source: DCOM) (EventID: 10010) (User: MIETZIROCKZ)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (09/09/2014 10:46:55 PM) (Source: DCOM) (EventID: 10010) (User: MIETZIROCKZ)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (09/08/2014 04:02:49 AM) (Source: DCOM) (EventID: 10005) (User: MIETZIROCKZ)
Description: 1053WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (09/08/2014 04:02:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/08/2014 04:02:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/08/2014 04:00:25 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (09/08/2014 04:00:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 03:45:04 unerwartet heruntergefahren.

Error: (09/07/2014 10:23:52 PM) (Source: DCOM) (EventID: 10010) (User: MIETZIROCKZ)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (09/12/2014 03:21:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa16cc01cfce8c798d7318C:\Users\Jennifer\Desktop\Gmer-19357.exeC:\Users\Jennifer\Desktop\Gmer-19357.exebaffcf1d-3a7f-11e4-beb3-54bef705b90a

Error: (09/12/2014 03:21:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa174001cfce8c23a384f3C:\Users\Jennifer\Desktop\Gmer-19357.exeC:\Users\Jennifer\Desktop\Gmer-19357.exeb07663eb-3a7f-11e4-beb3-54bef705b90a

Error: (09/12/2014 02:47:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oko0c7h8.exe2.1.19357.052e7ea83oko0c7h8.exe2.1.19357.052e7ea83c0000005000011aa2b9401cfce87afe2044eC:\Users\Jennifer\Downloads\oko0c7h8.exeC:\Users\Jennifer\Downloads\oko0c7h8.exef8ba1115-3a7a-11e4-beb2-54bef705b90a

Error: (09/12/2014 02:45:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa291401cfce8767a4f0fcC:\Users\Jennifer\Desktop\Gmer-19357.exeC:\Users\Jennifer\Desktop\Gmer-19357.exea9268a98-3a7a-11e4-beb2-54bef705b90a

Error: (09/12/2014 02:44:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa19c401cfce8744537101C:\Users\Jennifer\Downloads\Gmer-19357.exeC:\Users\Jennifer\Downloads\Gmer-19357.exe8895da56-3a7a-11e4-beb2-54bef705b90a

Error: (09/12/2014 09:19:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/11/2014 00:59:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/10/2014 01:04:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (09/10/2014 01:04:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (09/09/2014 10:35:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SynTPEnh.exe17.0.8.2152173eedSynTPEnh.exe17.0.8.2152173eedc00000050000000000002d67172801cfcb66cfca8757C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exedd75c54d-3860-11e4-beb2-54bef705b90a


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8067.27 MB
Available physical RAM: 5684.18 MB
Total Pagefile: 9347.27 MB
Available Pagefile: 6992.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI31128200A) (Fixed) (Total:685.49 GB) (Free:603.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Als Fundort konnte ich gerade das hier finden:
C:\Program Files (x86)\SmarterPower\bin
Entdeckte Bedrohungen
Artemis!91156F86525C (Trojaner)

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

AdwCleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.309 - Bericht erstellt am 12/09/2014 um 16:05:45
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Jennifer - MIETZIROCKZ
# Gestartet von : C:\Users\Jennifer\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc
Dienst Gelöscht : IePluginServices
Dienst Gelöscht : WindowsMangerProtect
[#] Dienst Gelöscht : Update SmarterPower
[#] Dienst Gelöscht : Util SmarterPower
Dienst Gelöscht : {5eeb83d0-96ea-4249-942c-beead6847053}Gw64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\SmarterPower
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Jennifer\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Jennifer\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Jennifer\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jennifer\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\Security Systems
Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Jennifer\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\WINDOWS\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys

***** [ Tasks ] *****

Task Gelöscht : Desk 365 RunAsStdUser

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateSmarterPower_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateSmarterPower_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilSmarterPower_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilSmarterPower_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SmarterPower
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SmarterPower
Schlüssel Gelöscht : HKLM\SOFTWARE\5fed8ddb268bf49
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3293887
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{bd7c9b62-a7d9-4405-be51-7fd633f08791}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{98D9C91C-10F5-4B34-BD72-AE981CAA6F54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{be7650b2-5936-4ee6-b4f2-ae385db13a90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd7c9b62-a7d9-4405-be51-7fd633f08791}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{98D9C91C-10F5-4B34-BD72-AE981CAA6F54}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\SmarterPower
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\SmarterPower
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmarterPower
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17278

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\4b01311n.default-1410264320319\prefs.js ]


*************************

AdwCleaner[R0].txt - [14115 octets] - [12/09/2014 16:00:29]
AdwCleaner[S0].txt - [11570 octets] - [12/09/2014 16:05:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11631 octets] ##########
         

JRT.text

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Jennifer on 12.09.2014 at 16:13:39,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1448665676-453751460-3676031160-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9F6A4239-DCD2-465A-8479-0A17A90E8523}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\4b01311n.default-1410264320319\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.09.2014 at 16:20:48,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST.txt

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Jennifer (administrator) on MIETZIROCKZ on 12-09-2014 16:33:18
Running from C:\Users\Jennifer\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\Jennifer\AppData\Roaming\HTThread\hb.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Schomäcker GmbH) C:\Program Files (x86)\Q Pilot - Client\Service\QPilot-Client-Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Schomäcker GmbH) C:\Program Files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QPilotClientGUI] => C:\Program Files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe [32194048 2012-07-16] (Schomäcker GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1448665676-453751460-3676031160-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Jennifer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Run: [Google Update] => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-16] (Google Inc.)
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [467680 2014-07-30] (Sony)
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1448665676-453751460-3676031160-1002\...\MountPoints2: {57799c1d-bbf1-11e3-8250-54bef705b90a} - "D:\Startme.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {B290E1C1-786D-4A54-B201-42524BE44F8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\4b01311n.default-1410264320319
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Jennifer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Jennifer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jennifer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SmarterPower - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\4b01311n.default-1410264320319\Extensions\{5eeb83d0-96ea-4249-942c-beead6847053}.xpi [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-03-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTService; C:\Users\Jennifer\AppData\Roaming\HTThread\hb.exe [628736 2014-08-28] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QPilotClientService; C:\Program Files (x86)\Q Pilot - Client\Service\QPilot-Client-Service.exe [29488640 2012-07-16] (Schomäcker GmbH) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 16:33 - 2014-09-12 16:33 - 00021979 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2014-09-12 16:20 - 2014-09-12 16:20 - 00001099 _____ () C:\Users\Jennifer\Desktop\JRT.txt
2014-09-12 16:14 - 2014-09-12 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-12 16:10 - 2014-09-12 16:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-12 16:08 - 2014-09-12 16:08 - 00011776 _____ () C:\Users\Jennifer\Desktop\AdwCleaner[S0].txt
2014-09-12 16:00 - 2014-09-12 16:06 - 00000000 ____D () C:\AdwCleaner
2014-09-12 15:59 - 2014-09-12 15:59 - 01016261 _____ (Thisisu) C:\Users\Jennifer\Desktop\JRT.exe
2014-09-12 15:58 - 2014-09-12 15:58 - 01370483 _____ () C:\Users\Jennifer\Desktop\adwcleaner_3.309.exe
2014-09-12 15:19 - 2014-09-12 15:19 - 00000000 _____ () C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2014-09-12 15:16 - 2014-09-12 15:16 - 00000478 _____ () C:\Users\Jennifer\Desktop\defogger_disable.log
2014-09-12 15:16 - 2014-09-12 15:16 - 00000000 _____ () C:\Users\Jennifer\defogger_reenable
2014-09-12 15:07 - 2014-09-12 15:07 - 00000000 ____D () C:\Users\Jennifer\.appwork
2014-09-12 14:54 - 2014-09-12 14:54 - 00000478 _____ () C:\Users\Jennifer\Downloads\defogger_disable.log
2014-09-12 14:47 - 2014-09-12 14:47 - 00380416 _____ () C:\Users\Jennifer\Downloads\oko0c7h8.exe
2014-09-12 14:30 - 2014-09-12 16:33 - 00000000 ____D () C:\FRST
2014-09-12 14:26 - 2014-09-12 14:26 - 00380416 _____ () C:\Users\Jennifer\Desktop\Gmer-19357.exe
2014-09-12 14:25 - 2014-09-12 14:26 - 02105856 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2014-09-12 14:25 - 2014-09-12 14:25 - 00050477 _____ () C:\Users\Jennifer\Desktop\Defogger.exe
2014-09-12 09:34 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-12 09:34 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-12 09:34 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-12 08:20 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 13:19 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 13:19 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 13:19 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 13:19 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 13:19 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 13:19 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 13:19 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 13:19 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 13:19 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 13:19 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:19 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 13:19 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 13:19 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 13:19 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 13:19 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 13:19 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 13:19 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 13:19 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 13:19 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 13:19 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 13:19 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 13:19 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 13:19 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 13:19 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 13:19 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 13:19 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 13:19 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 13:19 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 13:19 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 13:19 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 13:19 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 13:19 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 13:19 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 13:19 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 13:19 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 13:19 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 13:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 13:19 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 13:19 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 13:19 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 13:19 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 13:19 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 13:19 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 13:19 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 13:19 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 13:19 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 13:19 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 13:19 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 13:19 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 13:19 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 13:19 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 11:16 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 11:16 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 14:27 - 2014-09-10 14:34 - 00000000 ____D () C:\Users\Jennifer\Desktop\Dan Brown
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Jennifer\Desktop\Alte Firefox-Daten
2014-09-09 00:06 - 2014-09-10 12:49 - 00000000 ____D () C:\Users\Jennifer\Desktop\Kreativ
2014-09-09 00:05 - 2014-09-09 00:06 - 00000000 ____D () C:\Users\Jennifer\Desktop\Buch ASP
2014-09-08 23:28 - 2014-01-11 23:11 - 117329210 _____ () C:\Users\Jennifer\Desktop\X-Men 02 (Panini)(1997)RE.cbr
2014-09-08 23:25 - 2012-09-08 19:52 - 255017137 _____ () C:\Users\Jennifer\Desktop\Marvel Exklusiv (Panini) 07 - Spiderman - Verlorene Jahre.cbr
2014-09-08 23:23 - 2014-09-10 14:33 - 00000000 ____D () C:\Users\Jennifer\Desktop\Neuer Ordner
2014-09-08 19:09 - 2014-09-08 19:09 - 00006045 _____ () C:\Users\Jennifer\AppData\Local\recently-used.xbel
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\HTThread
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDailyDiary
2014-09-07 01:08 - 2014-09-07 01:09 - 00000000 ____D () C:\Program Files (x86)\iDailyDiary
2014-09-07 01:07 - 2014-09-07 01:07 - 00367456 _____ () C:\Users\Jennifer\Desktop\SoftonicDownloader_fuer_idailydiary.exe
2014-09-05 22:03 - 2014-09-05 22:03 - 00685967 _____ () C:\Users\Jennifer\Documents\stundenplan.xcf
2014-08-28 12:23 - 2014-08-28 12:23 - 00000233 _____ () C:\Users\Jennifer\Desktop\Minecraft Wiki - Die offizielle Quelle für Informationen über Minecraft..URL
2014-08-28 12:17 - 2014-08-28 12:17 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-08-28 11:10 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 22:31 - 2014-08-27 22:31 - 00033628 _____ () C:\Users\Jennifer\Documents\Unbenannt.xcf
2014-08-27 11:35 - 2014-09-11 13:58 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\.minecraft
2014-08-27 11:34 - 2014-08-27 11:34 - 00675988 _____ () C:\Users\Jennifer\Desktop\Minecraft.exe
2014-08-24 19:14 - 2014-08-24 19:14 - 00000000 ____D () C:\Users\Jennifer\Daedalic
2014-08-24 17:31 - 2014-08-24 17:31 - 00002380 _____ () C:\Users\Public\Desktop\Edna Bricht Aus - Sammler Edition.lnk
2014-08-24 17:27 - 2014-08-24 17:27 - 00750488 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00660368 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00263560 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00000000 ____D () C:\Program Files\Java
2014-08-22 01:06 - 2014-08-22 01:06 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Daedalic Entertainment
2014-08-22 01:05 - 2014-08-24 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2014-08-22 01:00 - 2014-08-24 17:29 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-08-21 23:14 - 2014-08-21 23:17 - 61056873 _____ () C:\Users\Jennifer\Downloads\lego.7z
2014-08-21 23:13 - 2014-08-22 00:46 - 2261147555 _____ (Igor Pavlov + Paraglider) C:\Users\Jennifer\Downloads\harveysneweyes_win_1383805789.exe
2014-08-13 01:14 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 01:14 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 01:14 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 01:14 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 01:14 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 01:14 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 01:13 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 01:13 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 01:13 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 01:13 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 01:13 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 01:13 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 01:12 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 01:12 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 01:12 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 01:12 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 01:12 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 01:12 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 01:12 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 01:12 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 01:12 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 01:12 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 01:12 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 01:12 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 01:12 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 01:12 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 01:12 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 01:12 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 01:12 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 01:12 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 01:12 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 01:12 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 01:12 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 01:12 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 01:12 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 01:12 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 01:12 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 01:12 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 01:12 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 01:12 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 01:12 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 01:12 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 01:12 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 01:12 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 01:12 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 01:12 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 01:12 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 01:12 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 01:12 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 01:12 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 01:12 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 01:12 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 01:12 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 01:12 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 01:12 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 01:12 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 01:12 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 01:12 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 01:12 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 01:11 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 01:11 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 01:11 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 01:11 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 01:11 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 01:11 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 01:11 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 01:11 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 01:11 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 01:11 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 01:11 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 01:11 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 01:11 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-13 01:11 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 01:11 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 01:11 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 01:11 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 01:11 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 01:11 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 01:11 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 01:11 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 01:11 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 01:11 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 01:11 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 01:11 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 01:11 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 01:11 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 01:11 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 01:11 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 01:11 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 16:33 - 2014-09-12 16:33 - 00021979 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2014-09-12 16:33 - 2014-09-12 14:30 - 00000000 ____D () C:\FRST
2014-09-12 16:24 - 2014-04-04 13:48 - 01310078 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-12 16:20 - 2014-09-12 16:20 - 00001099 _____ () C:\Users\Jennifer\Desktop\JRT.txt
2014-09-12 16:14 - 2014-09-12 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-12 16:10 - 2014-09-12 16:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-12 16:10 - 2014-04-04 19:01 - 00000000 ___RD () C:\Users\Jennifer\Dropbox
2014-09-12 16:10 - 2014-04-04 18:53 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Dropbox
2014-09-12 16:09 - 2014-04-04 14:32 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive
2014-09-12 16:08 - 2014-09-12 16:08 - 00011776 _____ () C:\Users\Jennifer\Desktop\AdwCleaner[S0].txt
2014-09-12 16:07 - 2013-11-14 00:18 - 00083844 _____ () C:\WINDOWS\PFRO.log
2014-09-12 16:07 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-12 16:07 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-12 16:06 - 2014-09-12 16:00 - 00000000 ____D () C:\AdwCleaner
2014-09-12 16:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-12 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-12 15:59 - 2014-09-12 15:59 - 01016261 _____ (Thisisu) C:\Users\Jennifer\Desktop\JRT.exe
2014-09-12 15:58 - 2014-09-12 15:58 - 01370483 _____ () C:\Users\Jennifer\Desktop\adwcleaner_3.309.exe
2014-09-12 15:57 - 2013-08-27 19:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1448665676-453751460-3676031160-1002
2014-09-12 15:48 - 2013-09-16 21:12 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002UA.job
2014-09-12 15:44 - 2013-08-27 21:59 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-12 15:23 - 2012-07-26 07:26 - 00000226 _____ () C:\WINDOWS\win.ini
2014-09-12 15:22 - 2014-08-06 23:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF0681BB-C5AE-4CEC-87F9-9F1C9D00E4C3}
2014-09-12 15:19 - 2014-09-12 15:19 - 00000000 _____ () C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2014-09-12 15:16 - 2014-09-12 15:16 - 00000478 _____ () C:\Users\Jennifer\Desktop\defogger_disable.log
2014-09-12 15:16 - 2014-09-12 15:16 - 00000000 _____ () C:\Users\Jennifer\defogger_reenable
2014-09-12 15:16 - 2014-04-04 13:56 - 00000000 ____D () C:\Users\Jennifer
2014-09-12 15:09 - 2014-07-14 16:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-12 15:07 - 2014-09-12 15:07 - 00000000 ____D () C:\Users\Jennifer\.appwork
2014-09-12 14:54 - 2014-09-12 14:54 - 00000478 _____ () C:\Users\Jennifer\Downloads\defogger_disable.log
2014-09-12 14:47 - 2014-09-12 14:47 - 00380416 _____ () C:\Users\Jennifer\Downloads\oko0c7h8.exe
2014-09-12 14:26 - 2014-09-12 14:26 - 00380416 _____ () C:\Users\Jennifer\Desktop\Gmer-19357.exe
2014-09-12 14:26 - 2014-09-12 14:25 - 02105856 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2014-09-12 14:25 - 2014-09-12 14:25 - 00050477 _____ () C:\Users\Jennifer\Desktop\Defogger.exe
2014-09-12 13:40 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-12 10:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-11 13:58 - 2014-08-27 11:35 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\.minecraft
2014-09-10 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-09-10 14:35 - 2013-10-18 23:19 - 00000000 ____D () C:\Users\Jennifer\Documents\Calibre-Bibliothek
2014-09-10 14:34 - 2014-09-10 14:27 - 00000000 ____D () C:\Users\Jennifer\Desktop\Dan Brown
2014-09-10 14:33 - 2014-09-08 23:23 - 00000000 ____D () C:\Users\Jennifer\Desktop\Neuer Ordner
2014-09-10 12:49 - 2014-09-09 00:06 - 00000000 ____D () C:\Users\Jennifer\Desktop\Kreativ
2014-09-10 12:49 - 2013-09-25 14:38 - 01809408 ___SH () C:\Users\Jennifer\Desktop\Thumbs.db
2014-09-10 12:17 - 2014-08-09 22:23 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Tor
2014-09-09 19:44 - 2013-08-27 21:59 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Jennifer\Desktop\Alte Firefox-Daten
2014-09-09 01:49 - 2013-10-18 23:18 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\calibre
2014-09-09 00:56 - 2013-08-27 19:47 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Packages
2014-09-09 00:08 - 2014-07-21 12:48 - 00000000 ____D () C:\Users\Jennifer\Desktop\erol
2014-09-09 00:06 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Jennifer\Desktop\Buch ASP
2014-09-08 22:47 - 2014-04-01 14:53 - 00000000 ____D () C:\Users\Jennifer\.gimp-2.8
2014-09-08 19:09 - 2014-09-08 19:09 - 00006045 _____ () C:\Users\Jennifer\AppData\Local\recently-used.xbel
2014-09-08 19:09 - 2014-04-01 14:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\gtk-2.0
2014-09-08 04:05 - 2013-10-17 22:53 - 00083240 _____ () C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 04:01 - 2014-03-29 17:50 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-08 04:01 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\HTThread
2014-09-07 01:09 - 2014-09-07 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDailyDiary
2014-09-07 01:09 - 2014-09-07 01:08 - 00000000 ____D () C:\Program Files (x86)\iDailyDiary
2014-09-07 01:07 - 2014-09-07 01:07 - 00367456 _____ () C:\Users\Jennifer\Desktop\SoftonicDownloader_fuer_idailydiary.exe
2014-09-05 22:03 - 2014-09-05 22:03 - 00685967 _____ () C:\Users\Jennifer\Documents\stundenplan.xcf
2014-09-05 04:36 - 2014-09-12 09:34 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-05 04:31 - 2014-09-12 09:34 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-05 02:48 - 2014-09-12 09:34 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-04 09:48 - 2013-09-16 21:12 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002Core.job
2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 19:48 - 2013-08-22 16:44 - 00387816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 12:23 - 2014-08-28 12:23 - 00000233 _____ () C:\Users\Jennifer\Desktop\Minecraft Wiki - Die offizielle Quelle für Informationen über Minecraft..URL
2014-08-28 12:17 - 2014-08-28 12:17 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-08-28 12:17 - 2014-06-12 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-08-27 22:31 - 2014-08-27 22:31 - 00033628 _____ () C:\Users\Jennifer\Documents\Unbenannt.xcf
2014-08-27 13:04 - 2014-03-29 17:42 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-27 11:34 - 2014-08-27 11:34 - 00675988 _____ () C:\Users\Jennifer\Desktop\Minecraft.exe
2014-08-27 11:09 - 2013-08-22 16:46 - 00378267 _____ () C:\WINDOWS\setupact.log
2014-08-26 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-26 20:57 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-26 20:57 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-26 20:57 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-24 19:59 - 2013-07-18 06:32 - 00445288 _____ () C:\WINDOWS\DPINST.LOG
2014-08-24 19:58 - 2014-04-04 14:58 - 00002053 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-24 19:58 - 2014-04-04 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-24 19:57 - 2013-05-29 19:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-24 19:14 - 2014-08-24 19:14 - 00000000 ____D () C:\Users\Jennifer\Daedalic
2014-08-24 17:31 - 2014-08-24 17:31 - 00002380 _____ () C:\Users\Public\Desktop\Edna Bricht Aus - Sammler Edition.lnk
2014-08-24 17:31 - 2014-08-22 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2014-08-24 17:29 - 2014-08-22 01:00 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-08-24 17:27 - 2014-08-24 17:27 - 00750488 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00660368 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-08-24 17:27 - 2014-08-24 17:27 - 00263560 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00188808 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-24 17:27 - 2014-08-24 17:27 - 00000000 ____D () C:\Program Files\Java
2014-08-23 02:42 - 2014-08-28 11:10 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 01:06 - 2014-08-22 01:06 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Daedalic Entertainment
2014-08-22 00:46 - 2014-08-21 23:13 - 2261147555 _____ (Igor Pavlov + Paraglider) C:\Users\Jennifer\Downloads\harveysneweyes_win_1383805789.exe
2014-08-21 23:17 - 2014-08-21 23:14 - 61056873 _____ () C:\Users\Jennifer\Downloads\lego.7z
2014-08-21 22:58 - 2014-04-04 19:01 - 00001091 _____ () C:\Users\Jennifer\Desktop\Dropbox.lnk
2014-08-21 22:58 - 2014-04-04 18:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-16 04:40 - 2014-09-11 13:19 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-16 04:04 - 2014-09-11 13:19 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-16 04:00 - 2014-09-11 13:19 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-16 04:00 - 2014-09-11 13:19 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-16 03:56 - 2014-09-11 13:19 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-16 03:54 - 2014-09-11 13:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-16 03:45 - 2014-09-11 13:19 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-16 03:43 - 2014-09-11 13:19 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-16 03:32 - 2014-09-11 13:19 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-16 03:25 - 2014-09-11 13:19 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-16 03:22 - 2014-09-11 13:19 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-16 03:20 - 2014-09-11 13:19 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-16 03:19 - 2014-09-11 13:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-16 03:18 - 2014-09-11 13:19 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-16 03:18 - 2014-09-11 13:19 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-16 03:11 - 2014-09-11 13:19 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-16 03:06 - 2014-09-11 13:19 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-16 03:05 - 2014-09-11 13:19 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-16 03:05 - 2014-09-11 13:19 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-16 03:03 - 2014-09-11 13:19 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-16 03:03 - 2014-09-11 13:19 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-16 02:58 - 2014-09-11 13:19 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 02:56 - 2014-09-11 13:19 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-16 02:53 - 2014-09-11 13:19 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-16 02:53 - 2014-09-11 13:19 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-16 02:53 - 2014-09-11 13:19 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-16 02:51 - 2014-09-11 13:19 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-16 02:45 - 2014-09-11 13:19 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-16 02:44 - 2014-09-11 13:19 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-16 02:44 - 2014-09-11 13:19 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-16 02:34 - 2014-09-11 13:19 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-16 02:20 - 2014-09-11 13:19 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-16 02:18 - 2014-09-11 13:19 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-16 02:14 - 2014-09-11 13:19 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-16 02:12 - 2014-09-11 13:19 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-14 00:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-14 00:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-13 18:26 - 2013-08-28 13:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 18:22 - 2013-08-28 13:11 - 99218768 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 01:10 - 2014-04-14 17:16 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-13 01:06 - 2014-06-12 00:32 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Jennifer\AppData\Local\Temp\13054687681234724428.exe
C:\Users\Jennifer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmo5p5.dll
C:\Users\Jennifer\AppData\Local\Temp\Fx6_FF_IE_Setup-Softonic.exe
C:\Users\Jennifer\AppData\Local\Temp\JDSetup130546876771251577.exe
C:\Users\Jennifer\AppData\Local\Temp\proxy_vole8170917200005694461.dll
C:\Users\Jennifer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-12 16:21

==================== End Of Log ============================
         

--- --- ---


Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Jennifer at 2014-09-12 16:33:59
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: -218103565.4759644.48.2147344384 - Audible, Inc.)
Bandizip (HKCU\...\Bandizip) (Version: 3.08 - Bandisoft.com)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre (HKLM-x32\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Easy Real Converter V1.65 (HKLM-x32\...\Easy Real Converter_is1) (Version: 1.65 - Magicutils, Inc.)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.2 - Daedalic Entertainment)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Harveys Neue Augen (HKLM-x32\...\Harvey) (Version: 2.0 - Daedalic Entertainment)
iDailyDiary 3.71 (HKLM-x32\...\iDailyDiary_is1) (Version:  - Splinterware Software Solutions)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NVIDIA Control Panel 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Q Pilot - Client (HKLM-x32\...\Q Pilot - Client 4.5.0.16606) (Version: 4.5.0.16606 - Schomäcker GmbH)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Tor (remove only) (HKLM-x32\...\Tor) (Version:  - )
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 3.00.342 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1448665676-453751460-3676031160-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-08-2014 10:37:38 Windows Update
04-09-2014 21:36:51 Geplanter Prüfpunkt
11-09-2014 11:17:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04714594-5615-4862-9443-B5B10C66B178} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {48D02C46-C4C2-4796-BFA3-9C4DECE0FD1A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5BACB07A-9900-45F9-B188-C4AAA3DC2934} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-13] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D9B8B77-AF8B-44F8-976A-4A94507AA536} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002Core => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80F4C75D-1D43-44AE-9F21-299A8DAFD790} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {91B032E4-1D65-4A21-9750-3ED4503E781A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ABB001FF-E089-47DC-902E-AC0089E10903} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CBC23AC5-654C-4DFA-ADB1-5F8F3772C42D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D02CD936-3E8F-4A61-84E6-5EFA643D5E44} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {D0DBF591-2CBD-47B0-BE6F-162F5EAAE125} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1448665676-453751460-3676031160-1002
Task: {D514A1A5-A44A-41E3-8819-93BB17305B95} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD80D03A-41C8-47BC-973D-62F5ADF8E358} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {DFFE31A5-78AF-4E17-8A55-ADA74D1D1440} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002UA => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FECF97D4-BB83-4240-B455-16A815D0DDD3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002Core.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1448665676-453751460-3676031160-1002UA.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-23 12:33 - 2013-12-23 12:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-27 23:53 - 2013-03-27 23:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2014-06-25 13:27 - 2012-04-24 16:49 - 00015360 _____ () C:\WINDOWS\System32\KOAZXJ_L.dll
2014-06-25 13:27 - 2012-04-24 16:49 - 00648704 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\KOAZXJ_O.DLL
2013-05-09 18:49 - 2013-05-09 18:49 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-09-07 01:09 - 2014-08-28 09:16 - 00628736 _____ () C:\Users\Jennifer\AppData\Roaming\HTThread\hb.exe
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-04-04 14:58 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-04-16 12:30 - 2014-04-16 12:30 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\926020eb508f6968545d6a51fb661fad\Windows.UI.ni.dll
2013-08-22 09:19 - 2013-08-22 08:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2014-04-16 12:30 - 2014-04-16 12:30 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2014-09-07 01:09 - 2014-09-07 01:09 - 00374272 _____ () C:\Users\Jennifer\AppData\Roaming\HTThread\sub\default.dll
2014-06-25 13:26 - 2011-09-16 02:27 - 00020480 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\jetvm\jvm.dll
2014-06-25 13:26 - 2011-09-16 02:27 - 00069632 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\java.dll
2014-06-25 13:26 - 2012-06-16 02:00 - 00126976 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\zip.dll
2014-06-25 13:26 - 2011-09-16 02:26 - 00176128 _____ () C:\Program Files (x86)\Q Pilot - Client\Common\Java\jetrt\baseline760.dll
2014-04-04 14:58 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-04-04 14:58 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-04-04 14:58 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2014-04-04 14:58 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-03-06 15:42 - 2014-03-06 15:42 - 00528384 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-09-12 16:08 - 2014-09-12 16:08 - 00043008 _____ () c:\users\jennifer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmo5p5.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-13 16:22 - 2014-05-13 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-05-13 16:22 - 2014-05-13 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-07-18 06:23 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jennifer\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Jennifer\Desktop\DSC_4503.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Jennifer\Desktop\DSC_4614.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Jennifer\Desktop\DSC_4656.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2014 04:33:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/12/2014 04:32:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: Bei der Aktivierung der App „Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/12/2014 04:33:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151

Error: (09/12/2014 04:32:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIETZIROCKZ)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927151


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8067.27 MB
Available physical RAM: 6302.16 MB
Total Pagefile: 9347.27 MB
Available Pagefile: 7350.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (TI31128200A) (Fixed) (Total:685.49 GB) (Free:602.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1002\User: Group Policy restriction detected <======= ATTENTION
EmptyTemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Jennifer at 2014-09-13 21:05:31 Run:1
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1002\User: Group Policy restriction detected <======= ATTENTION
EmptyTemp:
*****************

C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1006\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1448665676-453751460-3676031160-1002\User => Moved successfully.
EmptyTemp: => Removed 544.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 14.09.2014
Scan Time: 11:53:38
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.14.03
Rootkit Database: v2014.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jennifer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403784
Time Elapsed: 18 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1448665676-453751460-3676031160-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [a1ea925b81fab1858c3c744c986acc34], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [c1ca1ad3d1aab28402fe36367d8728d8], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [e6a57479403b62d4e11e98d3b64e4cb4], 
PUP.Optional.SmarterPower.A, HKLM\SOFTWARE\WOW6432NODE\SmarterPower, Quarantined, [7516e607bfbcdf57d3adcc3636cdf709], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1448665676-453751460-3676031160-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, Quarantined, [8a011cd11a61a591482dea7cba4a6d93], 

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUP.Optional.Snapdo, HKU\S-1-5-21-1448665676-453751460-3676031160-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Replaced,[afdcce1f5328a98d653eaf4d72924bb5]
PUP.Optional.Snapdo, HKU\S-1-5-21-1448665676-453751460-3676031160-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Replaced,[bad15499c0bb51e5d0d4669662a21fe1]
PUP.Optional.Snapdo, HKU\S-1-5-21-1448665676-453751460-3676031160-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Replaced,[a5e6e4094d2e1c1a25813dbf57ad9070]
PUP.Optional.Snapdo, HKU\S-1-5-21-1448665676-453751460-3676031160-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Replaced,[b0db29c43744dc5aaafd26d6de26956b]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1448665676-453751460-3676031160-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=25bd7933-5f41-0596-0fe1-a93f7fb06363&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Replaced,[90fbc92481fa7abcd56a8e652ada23dd]

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Softonic, C:\Users\Jennifer\Desktop\SoftonicDownloader_fuer_idailydiary.exe, Quarantined, [f59635b83b40b5815fc87e39ce33d42c], 
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Quarantined, [474410ddd1aa1a1cafa3d5c7b64b53ad], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [b2d91ecfb3c837ffd42f96d66e96649c], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c499b1690d36ba49b497217e6a9950de
# engine=20145
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-14 10:59:22
# local_time=2014-09-14 12:59:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 100 100 1554893 97107378 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10262402 16528536 0 0
# scanned=39284
# found=32
# cleaned=0
# scan_time=1669
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=10AB6F5BF2AE7B357A7E1BEE97AA30A6512DE7DE ft=1 fh=fc4a296bcfd5af48 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=BB6E4EFDCDDC5C876EF941A8E8FC8C37A558C6D3 ft=1 fh=5a3b188cd9c263c2 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=6E92E96780D7A012AEC66D81A04C1C1644989A7D ft=1 fh=42eab3640c7f75db vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=7F851F7F3AB08BB489A9E9553635ACFF24BD2F4F ft=1 fh=480bb73806aecf9e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=3ECB52E629A307F1154A11FFC420FEABA8805651 ft=1 fh=7eaccb99bfbac335 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=3F252E848CE5BA3571A8FA3B9CE9FD8D7EE86634 ft=1 fh=af780bdc59dfdab5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=EBB8454D4017FE184FD4B1A4D390C8CE099213C1 ft=1 fh=438201fe522fde58 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=52138327D5F18A093249803224E7D1AF0A6FD4F3 ft=1 fh=e3d036cc8b031e39 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\SmarterPowerbho.dll.vir"
sh=52F7C0D533AC65ED25A0B658C93048AC4C4A3812 ft=1 fh=76f5a0c02c06d959 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\updateSmarterPower.exe.vir"
sh=E2E13AA58973D4E46794EC388D0B322C5194BD7E ft=1 fh=bc06d7c9ad83039e vn="Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\5eeb83d096ea4249942c.dll.vir"
sh=E9A3D721C8F7EEDC663D7995FCC09BBB0DEF4A1E ft=1 fh=21afc5797064d127 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\SmarterPower.BrowserAdapter.exe.vir"
sh=C4EFF5315CD6B2098DCF02CE86A28455B0849829 ft=1 fh=21779d8d50f839a5 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\SmarterPower.PurBrowse64.exe.vir"
sh=52F7C0D533AC65ED25A0B658C93048AC4C4A3812 ft=1 fh=76f5a0c02c06d959 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe.vir"
sh=376F89647879DAD6F650F6530CB1988EEA3B7F15 ft=1 fh=c635cf7855bf7f53 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}.dll.vir"
sh=55A69C38AE4132B6692E9569ABEEEC85AD767761 ft=1 fh=1a05081f163a8c6d vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.Bromon.dll.vir"
sh=FAF8693C12E4C386905AFA36531ABBF75DC5CA9A ft=1 fh=2b1aa56abe2aa574 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.BroStats.dll.vir"
sh=F8D7F8C96079996148232E3F434AD892B6C59883 ft=1 fh=7633ad8cc99355af vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.BrowserAdapterS.dll.vir"
sh=AB0C8AB70D974FC6A618B28302A978F68460459C ft=1 fh=b71d495d008587cc vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.CompatibilityChecker.dll.vir"
sh=E16FE884247DE5CE63000416A62DFCA5907E0746 ft=1 fh=0522a69734384d45 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.FeSvc.dll.vir"
sh=83B912FBC69FFD182782EB017FEB16E19F57D401 ft=1 fh=b03568a0c084d1b3 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.FFUpdate.dll.vir"
sh=869BB70382B63408BE278BBAF88345540C46CE04 ft=1 fh=4ab4508634a7df52 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.IEUpdate.dll.vir"
sh=7F0E0185747C325DFCB24B7D7E95684FD9DEF3B6 ft=1 fh=66cfbb56cd5540c5 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.PurBrowseG.dll.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9C6C68EFAE364FC17008C32848E148F86D468C99 ft=1 fh=c71c0011e4b098f3 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=A15C9536148CE02615132AE1DB1A6BF8F873A726 ft=1 fh=41c25fe63c7f6257 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jennifer\AppData\Roaming\OpenCandy\9E769E8C3DDF494A99854CE874E47365\search_protect_global.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c499b1690d36ba49b497217e6a9950de
# engine=20145
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-14 01:25:28
# local_time=2014-09-14 03:25:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 100 100 1563659 97116144 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10271168 16537302 0 0
# scanned=195182
# found=35
# cleaned=0
# scan_time=8612
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=10AB6F5BF2AE7B357A7E1BEE97AA30A6512DE7DE ft=1 fh=fc4a296bcfd5af48 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=BB6E4EFDCDDC5C876EF941A8E8FC8C37A558C6D3 ft=1 fh=5a3b188cd9c263c2 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=6E92E96780D7A012AEC66D81A04C1C1644989A7D ft=1 fh=42eab3640c7f75db vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=7F851F7F3AB08BB489A9E9553635ACFF24BD2F4F ft=1 fh=480bb73806aecf9e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=3ECB52E629A307F1154A11FFC420FEABA8805651 ft=1 fh=7eaccb99bfbac335 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=3F252E848CE5BA3571A8FA3B9CE9FD8D7EE86634 ft=1 fh=af780bdc59dfdab5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=EBB8454D4017FE184FD4B1A4D390C8CE099213C1 ft=1 fh=438201fe522fde58 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=52138327D5F18A093249803224E7D1AF0A6FD4F3 ft=1 fh=e3d036cc8b031e39 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\SmarterPowerbho.dll.vir"
sh=52F7C0D533AC65ED25A0B658C93048AC4C4A3812 ft=1 fh=76f5a0c02c06d959 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\updateSmarterPower.exe.vir"
sh=E2E13AA58973D4E46794EC388D0B322C5194BD7E ft=1 fh=bc06d7c9ad83039e vn="Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\5eeb83d096ea4249942c.dll.vir"
sh=E9A3D721C8F7EEDC663D7995FCC09BBB0DEF4A1E ft=1 fh=21afc5797064d127 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\SmarterPower.BrowserAdapter.exe.vir"
sh=C4EFF5315CD6B2098DCF02CE86A28455B0849829 ft=1 fh=21779d8d50f839a5 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\SmarterPower.PurBrowse64.exe.vir"
sh=52F7C0D533AC65ED25A0B658C93048AC4C4A3812 ft=1 fh=76f5a0c02c06d959 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe.vir"
sh=376F89647879DAD6F650F6530CB1988EEA3B7F15 ft=1 fh=c635cf7855bf7f53 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}.dll.vir"
sh=55A69C38AE4132B6692E9569ABEEEC85AD767761 ft=1 fh=1a05081f163a8c6d vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.Bromon.dll.vir"
sh=FAF8693C12E4C386905AFA36531ABBF75DC5CA9A ft=1 fh=2b1aa56abe2aa574 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.BroStats.dll.vir"
sh=F8D7F8C96079996148232E3F434AD892B6C59883 ft=1 fh=7633ad8cc99355af vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.BrowserAdapterS.dll.vir"
sh=AB0C8AB70D974FC6A618B28302A978F68460459C ft=1 fh=b71d495d008587cc vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.CompatibilityChecker.dll.vir"
sh=E16FE884247DE5CE63000416A62DFCA5907E0746 ft=1 fh=0522a69734384d45 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.FeSvc.dll.vir"
sh=83B912FBC69FFD182782EB017FEB16E19F57D401 ft=1 fh=b03568a0c084d1b3 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.FFUpdate.dll.vir"
sh=869BB70382B63408BE278BBAF88345540C46CE04 ft=1 fh=4ab4508634a7df52 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.IEUpdate.dll.vir"
sh=7F0E0185747C325DFCB24B7D7E95684FD9DEF3B6 ft=1 fh=66cfbb56cd5540c5 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmarterPower\bin\plugins\SmarterPower.PurBrowseG.dll.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9C6C68EFAE364FC17008C32848E148F86D468C99 ft=1 fh=c71c0011e4b098f3 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=A15C9536148CE02615132AE1DB1A6BF8F873A726 ft=1 fh=41c25fe63c7f6257 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jennifer\AppData\Roaming\OpenCandy\9E769E8C3DDF494A99854CE874E47365\search_protect_global.exe.vir"
sh=108A500E4A188882CBA720723607F417A6501924 ft=1 fh=5c9da47200740b7c vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\ctypes\FirefoxCtype.dll"
sh=C015E890715621E6FF97D3BF893BC75E8E27DE77 ft=1 fh=3ad6b33bccff1099 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\Plugins\npFirefoxPlugin.dll"
sh=44A315AAA7F006AE8342751A3D01D3E0E2BD41E6 ft=1 fh=e23e3184587da44d vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jennifer\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe"
         

Einige Adware/Junkware-Reste. Du hast schon mitbekommen, dass man Software nicht von einfach irgendwo und schon garnicht von Softonic runterlädt?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\ctypes\FirefoxCtype.dll
C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\Plugins\npFirefoxPlugin.dll
C:\Users\Jennifer\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe
EmptyTemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Hallo,

ich suchte nach einem gratis Comicbook Reader vor kurzem. Das mit Softtonic wusste ich bis jetzt nicht.

Der Rest folgt in Kürze und danke für alles bisher.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Jennifer at 2014-09-14 17:16:06 Run:2
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\ctypes\FirefoxCtype.dll
C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\Plugins\npFirefoxPlugin.dll
C:\Users\Jennifer\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe
EmptyTemp:
         
*****************

C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\ctypes\FirefoxCtype.dll => Moved successfully.
C:\Users\Jennifer\Desktop\Alte Firefox-Daten\kgl0k9z4.default\extensions\{d78b6094-2202-49e9-97b7-d9f31635bc08}\Plugins\npFirefoxPlugin.dll => Moved successfully.
C:\Users\Jennifer\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe => Moved successfully.
EmptyTemp: => Removed 356.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Lieber cosinus,

es ist soweit alles in Ordnung. Ich danke dir sehr.
Die letzten Tage hatte ich öfters das Gefühl, meine Frustrationstoleranz erreicht den Grenzwert. [Dabei kann man sich diesem nur nähern.]

Einen angenehmen Sonntag noch!

Dann wären wir durch!


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.