Windows 8.1: yahoo community smartbar engine lies sich nicht deinstallieren

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:30 on 18/09/2014 (Marion)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Marion at 2014-09-18 19:36:26
Running from C:\Users\Marion\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30819 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0819.1344.22803 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{2A437217-D315-C5A8-CE9D-35A733C37B1D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.6.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0819.1343.22803 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0819.1344.22803 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.677.20 - Electronic Arts Inc.)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
Gardenscapes – Gestalte dein Haus (HKLM-x32\...\Gardenscapes – Gestalte dein Haus_is1) (Version:  - Playrix Entertainment)
Gardenscapes (HKLM-x32\...\Gardenscapes_is1) (Version:  - Playrix Entertainment)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mp3tag v2.63 (HKLM-x32\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.53 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1723613562-3815979346-2504557632-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-09-2014 16:48:56 Geplanter Prüfpunkt
10-09-2014 15:50:05 Installiert VR-NetWorld

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0882DD71-2AEF-4E25-90FD-C6C5A38719BC} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {109B9159-574C-494E-9D7A-91C9E703B421} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1784A9CA-9D7E-4033-8D7E-A9EA02401C12} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {286926E5-7E34-40BA-B275-1107BBAA3C78} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {2B9C6968-56E6-4330-B36E-9D0FAB4B921B} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A48664D-5536-4ECF-939A-3AE8E8FB9495} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {585DFF5A-BB07-4249-AB69-6426AEEA9989} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-30] (Microsoft Corporation)
Task: {59EF75A4-9605-485A-93FE-83895421CA66} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {5B09570E-95EA-4BCA-AA72-4675CCEB5E5B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {5EDD8B4E-4ABF-4F0A-A99C-6054DCAF103E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5FA657EB-BDDB-451D-8637-E09E46438088} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {632AD7EF-3192-425E-AF1E-C780C791B9E2} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {637005D7-BBCB-4608-B378-F4F312CA5FF6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {68047D50-3B96-462D-998B-8A177BC6229A} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6BC1503D-9772-41B8-9BB6-473680251B1E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AF4A367-53E6-4D9B-BCA7-CCA64E67EC1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-30] (Microsoft Corporation)
Task: {7DF593ED-21C9-42FF-B5D9-DF065C776197} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9590EE65-974A-48C5-B64C-772625234B5A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9D93FFD9-3C5A-4F94-B063-21BDD2C8FDF3} - System32\Tasks\NCH Software\ExpressZipDowngrade => C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe [2013-08-10] (NCH Software)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A2F500F0-643E-4360-8959-1C9219DECB90} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C849ED12-6FBD-408D-B1EB-AD2E19866471} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4EF52CF-9136-4B19-9C63-0623AE7E8800} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DAC63B95-DB5F-4A68-9486-7FACBAC04E40} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {DEC8D199-63AC-482D-901E-DC30E3A8981D} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F82A86EF-F6D1-4507-B534-7173BD2D89B1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-21] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 06:13 - 2013-09-05 06:13 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-06-27 19:56 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-24 04:25 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-01-24 04:28 - 2014-01-24 04:28 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-01-24 04:28 - 2014-01-24 04:28 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-08-27 21:28 - 2014-08-27 21:28 - 00088576 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2013-10-09 03:08 - 2013-09-19 23:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-11 23:15 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\Marion\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-08-27 16:24 - 2014-08-27 16:24 - 00034304 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-08-27 16:24 - 2014-08-27 16:29 - 00036352 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-18 18:33 - 2014-09-18 18:33 - 00043008 _____ () c:\users\marion\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptsvm4w.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Marion\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-24 04:04 - 2013-08-08 23:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-27 16:24 - 2014-08-27 16:29 - 00044032 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-08-27 16:23 - 2014-08-27 16:28 - 00018944 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-08-27 16:24 - 2014-08-27 16:29 - 00071680 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-09-13 15:54 - 2014-09-13 15:54 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-27 16:29 - 2014-08-27 16:29 - 00024576 _____ () C:\Users\Marion\AppData\Local\LPT\srptm.exe
2014-08-27 16:29 - 2014-08-27 16:29 - 00083968 _____ () C:\Users\Marion\AppData\Local\LPT\srpt.dll
2014-08-27 16:29 - 2014-08-27 16:29 - 00044032 _____ () C:\Users\Marion\AppData\Local\LPT\srptc.dll
2014-08-27 16:28 - 2014-08-27 16:28 - 00018944 _____ () C:\Users\Marion\AppData\Local\LPT\Smartbar.Common.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 07:16:39 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI63A.tmp

Error: (09/18/2014 07:16:38 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI222.tmp

Error: (09/18/2014 07:16:09 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI9369.tmp

Error: (09/18/2014 07:16:08 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI8EB5.tmp

Error: (09/18/2014 06:58:03 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSIEE05.tmp

Error: (09/18/2014 06:57:57 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSID665.tmp

Error: (09/18/2014 06:55:13 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI6B8E.tmp

Error: (09/18/2014 06:55:13 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI6A45.tmp

Error: (09/18/2014 06:54:47 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI6A8.tmp

Error: (09/18/2014 06:54:47 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI5BC.tmp


System errors:
=============
Error: (09/18/2014 06:50:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "BUP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/18/2014 06:33:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126

Error: (09/17/2014 04:53:53 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/17/2014 04:53:22 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/17/2014 04:36:30 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/17/2014 04:36:00 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/17/2014 02:20:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126

Error: (09/17/2014 07:25:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126

Error: (09/16/2014 05:58:11 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/16/2014 05:44:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (09/18/2014 07:16:39 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI63A.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 07:16:38 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI222.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 07:16:09 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI9369.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 07:16:08 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI8EB5.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 06:58:03 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSIEE05.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 06:57:57 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSID665.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 06:55:13 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI6B8E.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 06:55:13 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI6A45.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 06:54:47 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\WINDOWS\Installer\MSI6A8.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2014 06:54:47 PM) (Source: MsiInstaller) (EventID: 11723) (User: Lenovo-PC)
Description: Product: Yahoo Community Smartbar -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\WINDOWS\Installer\MSI5BC.tmp (NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 8089.77 MB
Available physical RAM: 5701.34 MB
Total Pagefile: 9369.77 MB
Available Pagefile: 6836.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:892.29 GB) (Free:737.99 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C65FDADF)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Marion (administrator) on LENOVO-PC on 18-09-2014 19:35:44
Running from C:\Users\Marion\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Users\Marion\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe
() C:\Program Files (x86)\LPT\srpts.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Marion\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-13] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-01-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1723613562-3815979346-2504557632-1001\...\Run: [Amazon Music] => C:\Users\Marion\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-1723613562-3815979346-2504557632-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Marion\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYn_pTfwGt8jCfma4Nw4PZWxVE6b5EltN0WK93tNy31TWBBqZnjTl3Dfbbn7XDLSVQxdWz2zH8QRiuCabcvWXVXwmURVM8W3pVZNw,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYr7hj3P95vsi2H_C8hQSa3P7sF-EcJ-97xzq4W9d3n9I4R74PLKRMt8FA0pu2jfn2nK_rfgc22VozorMzQAFpPvdlqDTpG0AROjQ,,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYn_pTfwGt8jCfma4Nw4PZWxVE6b5EltN0WK93tNy31TWBBqZnjTl3Dfbbn7XDLSVQxdWz2zH8QRiuCabcvWXVXwmURVM8W3pVZNw,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {F64CB580-68FB-4612-8274-14AD608AF674} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {F64CB580-68FB-4612-8274-14AD608AF674} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYn_pTfwGt8jCfma4Nw4PZWxVE6b5EltN0WK93tNy31TWBBqZnjTl3Dfbbn7XDLSVQxdWz2zH8QRiuCabcvWXVXwmURVM8W3pVZNw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYn_pTfwGt8jCfma4Nw4PZWxVE6b5EltN0WK93tNy31TWBBqZnjTl3Dfbbn7XDLSVQxdWz2zH8QRiuCabcvWXVXwmURVM8W3pVZNw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYtUYTooVp41SDaxjr0XgEK24FGphRHxPc5_uxlf_JW2wDKi2PRFu_8r1OHp9gVxRPQH5qBt4eNOTcl0UuE_3JB93DQgL0VaEQh6A,,
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Web Search
FF Homepage: www.youtube.de
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFkWpcgPNAkNiHMhcZz6_i7rdh93Z7tkVqlsS4UdyYk28zPW6gE9c_qkGeS6JkqXYn_pTfwGt8jCfma4Nw4PZWxVE6b5EltN0WK93tNy31TWBBqZnjTl3Dfbbn7XDLSVQxdWz2zH8QRiuCabcvWXVXwmURVM8W3pVZNw,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
FF user.js: detected! => C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default\user.js
FF SearchPlugin: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Yahoo Community Smartbar - C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default\Extensions\{125f00d5-18a3-b508-b12e-ef2d8952862c} [2014-09-18]
FF Extension: Ghostery - C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\xw1zhgji.default\Extensions\firefox@ghostery.com.xpi [2014-07-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-09-18]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-05] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-01-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140917.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140917.038\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140917.038\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1505000.013\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:35 - 2014-09-18 19:36 - 00026574 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-09-18 19:35 - 2014-09-18 19:35 - 00000000 ____D () C:\FRST
2014-09-18 19:34 - 2014-09-18 19:35 - 02105856 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-09-18 19:31 - 2014-09-18 19:31 - 00000034 _____ () C:\WINDOWS\cdplayer.ini
2014-09-18 19:30 - 2014-09-18 19:30 - 00000474 _____ () C:\Users\Marion\Desktop\defogger_disable.log
2014-09-18 19:30 - 2014-09-18 19:30 - 00000000 _____ () C:\Users\Marion\defogger_reenable
2014-09-18 19:28 - 2014-09-18 19:28 - 00050477 _____ () C:\Users\Marion\Desktop\Defogger.exe
2014-09-18 19:13 - 2014-09-18 19:13 - 02489752 _____ () C:\Users\Marion\Downloads\geek_1.3.1.38.zip
2014-09-18 19:12 - 2014-09-18 19:12 - 01101648 _____ () C:\Users\Marion\Downloads\GeekUninstaller - CHIP-Installer.exe
2014-09-18 18:52 - 2014-09-18 18:52 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\dlg
2014-09-18 18:51 - 2014-09-18 18:51 - 00001150 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-09-18 18:51 - 2014-09-18 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-09-18 18:50 - 2014-09-18 19:17 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-09-18 18:50 - 2014-09-18 18:50 - 00472096 _____ () C:\Users\Marion\Downloads\download_audiograbber.exe
2014-09-18 18:49 - 2014-09-18 19:21 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-09-18 18:49 - 2014-09-18 18:49 - 00002515 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-18 18:48 - 2014-09-18 18:48 - 00000000 ____D () C:\Users\Marion\AppData\Local\Smartbar
2014-09-18 18:48 - 2014-09-18 18:48 - 00000000 ____D () C:\Users\Marion\AppData\Local\LPT
2014-09-18 18:47 - 2014-09-18 18:53 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Abelssoft
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Abelssoft
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\Users\Marion\AppData\Local\Abelssoft
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-18 18:47 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-09-18 18:47 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-09-18 18:46 - 2014-09-18 18:46 - 01101648 _____ () C:\Users\Marion\Downloads\Audiograbber - CHIP-Installer.exe
2014-09-18 18:44 - 2014-09-18 19:18 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-09-18 18:44 - 2014-09-18 18:44 - 00400569 _____ () C:\Users\Marion\Downloads\agmp3plugin.exe
2014-09-13 15:54 - 2014-09-13 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 19:01 - 2014-09-12 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 19:01 - 2014-09-12 19:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 19:01 - 2014-09-12 19:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 19:00 - 2014-09-12 19:00 - 13087456 _____ (Microsoft Corporation) C:\Users\Marion\Downloads\Silverlight_x64.exe
2014-09-11 18:22 - 2014-09-11 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 18:21 - 2014-09-15 00:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-11 18:21 - 2014-09-11 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 18:21 - 2014-09-11 18:22 - 00000000 ____D () C:\Program Files\iTunes
2014-09-11 18:21 - 2014-09-11 18:21 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 17:51 - 2014-09-10 17:51 - 00003152 _____ () C:\WINDOWS\System32\Tasks\{94A15115-EB9C-4D31-AB8A-761440CE7A6A}
2014-09-10 17:48 - 2014-09-10 17:49 - 42988342 _____ (Volksbanken Raiffeisenbanken ) C:\Users\Marion\Downloads\VRNetWorldSW_51311.exe
2014-09-09 23:22 - 2014-09-09 23:25 - 06018962 _____ () C:\Users\Marion\Downloads\Elspeth_Cooper_-_Der_Schleier_der_Macht_-_Die_Lieder_der_Erde_3.rar
2014-09-09 22:29 - 2014-09-09 22:30 - 03389614 _____ () C:\Users\Marion\Downloads\Miranda J. Fox - Zuckersuesses Chaos.rar
2014-09-09 22:25 - 2014-09-09 22:26 - 06891725 _____ () C:\Users\Marion\Downloads\Norbert-Hofer---Wordpress-Crashkurs.rar
2014-09-09 22:12 - 2014-09-09 22:13 - 05133784 _____ () C:\Users\Marion\Downloads\Elspeth-Cooper---Die-wilde-Jagd---Die-Lieder-der-Erde-2.rar
2014-09-09 22:09 - 2014-09-09 22:09 - 13143533 _____ () C:\Users\Marion\Downloads\Lynsay-Sands---Sammlung--30-Ebooks-.rar
2014-09-09 22:05 - 2014-09-09 22:08 - 04209030 _____ () C:\Users\Marion\Downloads\Kami_Garcia_-_Sammlung_5_Ebooks.rar
2014-09-09 22:03 - 2014-09-09 22:04 - 03694010 _____ () C:\Users\Marion\Downloads\Erin McCarthy - Wenn ich mich verliere.rar
2014-09-08 23:34 - 2014-09-08 23:34 - 03871002 _____ () C:\Users\Marion\Downloads\Elspeth-Cooper---Die-Lieder-der-Erde.rar
2014-09-08 23:28 - 2014-09-08 23:40 - 26064294 _____ () C:\Users\Marion\Downloads\William_Shakespeare_-_Samtliche_Werke_William_Shakespeare_1.rar
2014-09-08 23:14 - 2014-09-08 23:15 - 10590527 _____ () C:\Users\Marion\Downloads\Daniela Katzenberger - Sei schlau, stell dich dumm.rar
2014-09-08 22:56 - 2014-09-08 22:56 - 04081503 _____ () C:\Users\Marion\Downloads\Sharon-Cameron---Stranwyne-Castle---Das-truegerische-Fluestern-des-Windes.rar
2014-09-08 22:56 - 2014-09-08 22:56 - 03219289 _____ () C:\Users\Marion\Downloads\Lynsay-Sands---Die-Braut-des-Schotten.rar
2014-09-08 22:54 - 2014-09-08 22:54 - 05100371 _____ () C:\Users\Marion\Downloads\Roxanne-St.-Claire---Barfuss-ins-Glueck.rar
2014-09-08 22:50 - 2014-09-08 22:51 - 03409363 _____ () C:\Users\Marion\Downloads\Julie-Kagawa---Unsterblich---Tor-der-Nacht-Band-2.rar
2014-09-08 22:44 - 2014-09-08 22:44 - 03732067 _____ () C:\Users\Marion\Downloads\Lisa-Stern---Peinliche-Liebschaften---Unglaubliche-erotische-Geschichten.rar
2014-09-08 22:26 - 2014-09-08 22:26 - 04330356 _____ () C:\Users\Marion\Downloads\Jojo-Moyes---5-Ebooks.rar
2014-09-08 22:24 - 2014-09-08 22:26 - 03301959 _____ () C:\Users\Marion\Downloads\Michael_Fuchs-Gambock_-_Linkin_Park_-_Die_inoffizielle_Biografie.rar
2014-09-08 22:23 - 2014-09-08 22:27 - 13091567 _____ () C:\Users\Marion\Downloads\Melissa Marr - Sommerlicht 1-5.rar
2014-09-08 22:20 - 2014-09-08 22:20 - 03291498 _____ () C:\Users\Marion\Downloads\Beth-Revis---Godspeed-Trilogie.rar
2014-09-08 18:15 - 2014-09-14 23:14 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Mp3tag
2014-09-08 18:15 - 2014-09-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-09-08 18:15 - 2014-09-08 18:15 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-08 18:13 - 2014-09-08 18:13 - 02692496 _____ () C:\Users\Marion\Downloads\mp3tagv263setup.exe
2014-09-07 13:42 - 2014-09-07 13:42 - 07022106 _____ () C:\Users\Marion\Downloads\wordpress-4.0-de_DE.zip
2014-09-05 17:43 - 2014-09-05 17:43 - 652022255 _____ () C:\WINDOWS\MEMORY.DMP
2014-09-04 18:06 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-04 18:06 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-04 18:06 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-04 18:06 - 2014-08-06 02:48 - 02374816 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-04 18:06 - 2014-08-06 01:46 - 02088648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-04 18:06 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-04 18:06 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-04 18:06 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-03 17:48 - 2014-09-03 17:50 - 00001377 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-09-03 17:48 - 2014-09-03 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-09-01 22:45 - 2014-09-01 22:47 - 03695525 _____ () C:\Users\Marion\Downloads\Stacey_Jay_-_Romeo_und_Julia_-_kompl._Band_1_u._2.rar
2014-09-01 22:42 - 2014-09-01 22:44 - 06472289 _____ () C:\Users\Marion\Downloads\Philip Pullman - Das Bernstein-Teleskop.rar
2014-09-01 22:41 - 2014-09-01 22:41 - 06364713 _____ () C:\Users\Marion\Downloads\Philip-Pullman---Der-Goldene-Kompass.rar
2014-08-30 21:50 - 2014-08-30 21:50 - 04308696 _____ () C:\Users\Marion\Downloads\Philip-Pullman---Das-Magische-Messer.rar
2014-08-30 21:47 - 2014-08-30 21:57 - 32698830 _____ () C:\Users\Marion\Downloads\JoanneKRowHarry P.Gesamtausg.19.7.14.rar
2014-08-27 21:28 - 2014-08-27 21:28 - 00001199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
2014-08-27 21:27 - 2014-08-27 21:27 - 03701908 _____ () C:\Users\Marion\Downloads\Love_01_-_Fischer.rar
2014-08-26 20:18 - 2014-09-11 22:38 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-08-20 20:25 - 2014-08-20 20:25 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-20 19:37 - 2014-08-20 19:38 - 00049664 _____ () C:\Users\Marion\Downloads\FaMI  3. AJ 2014-15.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:36 - 2014-09-18 19:35 - 00026574 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-09-18 19:35 - 2014-09-18 19:35 - 00000000 ____D () C:\FRST
2014-09-18 19:35 - 2014-09-18 19:34 - 02105856 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-09-18 19:31 - 2014-09-18 19:31 - 00000034 _____ () C:\WINDOWS\cdplayer.ini
2014-09-18 19:31 - 2014-06-28 17:10 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-09-18 19:31 - 2014-06-25 17:38 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\ClassicShell
2014-09-18 19:30 - 2014-09-18 19:30 - 00000474 _____ () C:\Users\Marion\Desktop\defogger_disable.log
2014-09-18 19:30 - 2014-09-18 19:30 - 00000000 _____ () C:\Users\Marion\defogger_reenable
2014-09-18 19:30 - 2014-06-25 15:03 - 00000000 ____D () C:\Users\Marion
2014-09-18 19:28 - 2014-09-18 19:28 - 00050477 _____ () C:\Users\Marion\Desktop\Defogger.exe
2014-09-18 19:21 - 2014-09-18 18:49 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-09-18 19:18 - 2014-09-18 18:44 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-09-18 19:17 - 2014-09-18 18:50 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-09-18 19:14 - 2014-07-26 20:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-09-18 19:13 - 2014-09-18 19:13 - 02489752 _____ () C:\Users\Marion\Downloads\geek_1.3.1.38.zip
2014-09-18 19:12 - 2014-09-18 19:12 - 01101648 _____ () C:\Users\Marion\Downloads\GeekUninstaller - CHIP-Installer.exe
2014-09-18 19:04 - 2014-01-24 04:38 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-18 19:04 - 2014-01-24 04:38 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-18 19:04 - 2013-08-28 10:36 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-18 19:02 - 2014-06-28 16:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-18 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-18 18:56 - 2014-06-25 15:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1723613562-3815979346-2504557632-1001
2014-09-18 18:55 - 2014-01-24 04:02 - 01154586 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 18:53 - 2014-09-18 18:47 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-18 18:52 - 2014-09-18 18:52 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\dlg
2014-09-18 18:51 - 2014-09-18 18:51 - 00001150 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-09-18 18:51 - 2014-09-18 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-09-18 18:51 - 2014-08-17 16:33 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-09-18 18:50 - 2014-09-18 18:50 - 00472096 _____ () C:\Users\Marion\Downloads\download_audiograbber.exe
2014-09-18 18:49 - 2014-09-18 18:49 - 00002515 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-18 18:48 - 2014-09-18 18:48 - 00000000 ____D () C:\Users\Marion\AppData\Local\Smartbar
2014-09-18 18:48 - 2014-09-18 18:48 - 00000000 ____D () C:\Users\Marion\AppData\Local\LPT
2014-09-18 18:48 - 2014-07-12 12:54 - 00000000 ____D () C:\ProgramData\Origin
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Abelssoft
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Abelssoft
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\Users\Marion\AppData\Local\Abelssoft
2014-09-18 18:47 - 2014-09-18 18:47 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-18 18:46 - 2014-09-18 18:46 - 01101648 _____ () C:\Users\Marion\Downloads\Audiograbber - CHIP-Installer.exe
2014-09-18 18:44 - 2014-09-18 18:44 - 00400569 _____ () C:\Users\Marion\Downloads\agmp3plugin.exe
2014-09-18 18:43 - 2014-07-12 12:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-18 18:43 - 2014-01-24 03:44 - 00036265 _____ () C:\WINDOWS\setupact.log
2014-09-18 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-18 18:34 - 2014-07-23 21:54 - 00000000 ___RD () C:\Users\Marion\Dropbox
2014-09-18 18:34 - 2014-07-23 21:51 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Dropbox
2014-09-18 18:33 - 2013-08-28 10:34 - 00062464 _____ () C:\WINDOWS\PFRO.log
2014-09-18 18:33 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-17 17:49 - 2014-06-25 18:11 - 02276712 _____ () C:\Users\Public\CAFADEBUG.log
2014-09-17 17:49 - 2014-01-24 04:28 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2014-09-17 17:48 - 2014-07-10 19:31 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Spotify
2014-09-17 17:09 - 2014-07-10 19:33 - 00000000 ____D () C:\Users\Marion\AppData\Local\Spotify
2014-09-17 07:30 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-17 07:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-15 00:39 - 2014-09-11 18:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 23:14 - 2014-09-08 18:15 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Mp3tag
2014-09-14 21:04 - 2014-08-11 23:15 - 00001152 _____ () C:\Users\Marion\Desktop\Amazon Music.lnk
2014-09-14 17:23 - 2014-06-27 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 15:54 - 2014-09-13 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 20:25 - 2014-06-25 15:04 - 00000000 ____D () C:\Users\Marion\AppData\Local\Packages
2014-09-12 19:01 - 2014-09-12 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 19:01 - 2014-09-12 19:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 19:01 - 2014-09-12 19:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 19:00 - 2014-09-12 19:00 - 13087456 _____ (Microsoft Corporation) C:\Users\Marion\Downloads\Silverlight_x64.exe
2014-09-11 22:38 - 2014-08-26 20:18 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-11 21:41 - 2014-07-02 21:29 - 00000000 ____D () C:\Users\Marion\Documents\My Digital Editions
2014-09-11 18:22 - 2014-09-11 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 18:22 - 2014-09-11 18:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 18:22 - 2014-09-11 18:21 - 00000000 ____D () C:\Program Files\iTunes
2014-09-11 18:21 - 2014-09-11 18:21 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 17:51 - 2014-09-10 17:51 - 00003152 _____ () C:\WINDOWS\System32\Tasks\{94A15115-EB9C-4D31-AB8A-761440CE7A6A}
2014-09-10 17:51 - 2014-06-28 16:44 - 00000000 ____D () C:\Program Files (x86)\VR-NetWorld
2014-09-10 17:49 - 2014-09-10 17:48 - 42988342 _____ (Volksbanken Raiffeisenbanken ) C:\Users\Marion\Downloads\VRNetWorldSW_51311.exe
2014-09-09 23:25 - 2014-09-09 23:22 - 06018962 _____ () C:\Users\Marion\Downloads\Elspeth_Cooper_-_Der_Schleier_der_Macht_-_Die_Lieder_der_Erde_3.rar
2014-09-09 22:30 - 2014-09-09 22:29 - 03389614 _____ () C:\Users\Marion\Downloads\Miranda J. Fox - Zuckersuesses Chaos.rar
2014-09-09 22:26 - 2014-09-09 22:25 - 06891725 _____ () C:\Users\Marion\Downloads\Norbert-Hofer---Wordpress-Crashkurs.rar
2014-09-09 22:13 - 2014-09-09 22:12 - 05133784 _____ () C:\Users\Marion\Downloads\Elspeth-Cooper---Die-wilde-Jagd---Die-Lieder-der-Erde-2.rar
2014-09-09 22:09 - 2014-09-09 22:09 - 13143533 _____ () C:\Users\Marion\Downloads\Lynsay-Sands---Sammlung--30-Ebooks-.rar
2014-09-09 22:08 - 2014-09-09 22:05 - 04209030 _____ () C:\Users\Marion\Downloads\Kami_Garcia_-_Sammlung_5_Ebooks.rar
2014-09-09 22:04 - 2014-09-09 22:03 - 03694010 _____ () C:\Users\Marion\Downloads\Erin McCarthy - Wenn ich mich verliere.rar
2014-09-09 22:02 - 2014-07-08 19:02 - 10036224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 22:02 - 2014-06-28 16:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-08 23:40 - 2014-09-08 23:28 - 26064294 _____ () C:\Users\Marion\Downloads\William_Shakespeare_-_Samtliche_Werke_William_Shakespeare_1.rar
2014-09-08 23:34 - 2014-09-08 23:34 - 03871002 _____ () C:\Users\Marion\Downloads\Elspeth-Cooper---Die-Lieder-der-Erde.rar
2014-09-08 23:15 - 2014-09-08 23:14 - 10590527 _____ () C:\Users\Marion\Downloads\Daniela Katzenberger - Sei schlau, stell dich dumm.rar
2014-09-08 22:56 - 2014-09-08 22:56 - 04081503 _____ () C:\Users\Marion\Downloads\Sharon-Cameron---Stranwyne-Castle---Das-truegerische-Fluestern-des-Windes.rar
2014-09-08 22:56 - 2014-09-08 22:56 - 03219289 _____ () C:\Users\Marion\Downloads\Lynsay-Sands---Die-Braut-des-Schotten.rar
2014-09-08 22:54 - 2014-09-08 22:54 - 05100371 _____ () C:\Users\Marion\Downloads\Roxanne-St.-Claire---Barfuss-ins-Glueck.rar
2014-09-08 22:51 - 2014-09-08 22:50 - 03409363 _____ () C:\Users\Marion\Downloads\Julie-Kagawa---Unsterblich---Tor-der-Nacht-Band-2.rar
2014-09-08 22:44 - 2014-09-08 22:44 - 03732067 _____ () C:\Users\Marion\Downloads\Lisa-Stern---Peinliche-Liebschaften---Unglaubliche-erotische-Geschichten.rar
2014-09-08 22:27 - 2014-09-08 22:23 - 13091567 _____ () C:\Users\Marion\Downloads\Melissa Marr - Sommerlicht 1-5.rar
2014-09-08 22:26 - 2014-09-08 22:26 - 04330356 _____ () C:\Users\Marion\Downloads\Jojo-Moyes---5-Ebooks.rar
2014-09-08 22:26 - 2014-09-08 22:24 - 03301959 _____ () C:\Users\Marion\Downloads\Michael_Fuchs-Gambock_-_Linkin_Park_-_Die_inoffizielle_Biografie.rar
2014-09-08 22:20 - 2014-09-08 22:20 - 03291498 _____ () C:\Users\Marion\Downloads\Beth-Revis---Godspeed-Trilogie.rar
2014-09-08 18:19 - 2014-07-26 20:42 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\NCH Software
2014-09-08 18:15 - 2014-09-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-09-08 18:15 - 2014-09-08 18:15 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-08 18:13 - 2014-09-08 18:13 - 02692496 _____ () C:\Users\Marion\Downloads\mp3tagv263setup.exe
2014-09-07 23:25 - 2014-06-26 14:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-07 13:42 - 2014-09-07 13:42 - 07022106 _____ () C:\Users\Marion\Downloads\wordpress-4.0-de_DE.zip
2014-09-05 17:43 - 2014-09-05 17:43 - 652022255 _____ () C:\WINDOWS\MEMORY.DMP
2014-09-04 18:11 - 2013-08-22 16:44 - 00491720 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-04 18:06 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-04 00:00 - 2014-07-12 17:44 - 00000000 ____D () C:\Users\Marion\Documents\Electronic Arts
2014-09-03 21:10 - 2014-07-02 20:22 - 00000000 ____D () C:\Users\Marion\Documents\Marion
2014-09-03 17:50 - 2014-09-03 17:48 - 00001377 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-09-03 17:48 - 2014-09-03 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-09-03 17:27 - 2014-07-12 12:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-02 19:45 - 2014-06-28 17:09 - 00000000 ____D () C:\ProgramData\Skype
2014-09-01 22:47 - 2014-09-01 22:45 - 03695525 _____ () C:\Users\Marion\Downloads\Stacey_Jay_-_Romeo_und_Julia_-_kompl._Band_1_u._2.rar
2014-09-01 22:44 - 2014-09-01 22:42 - 06472289 _____ () C:\Users\Marion\Downloads\Philip Pullman - Das Bernstein-Teleskop.rar
2014-09-01 22:41 - 2014-09-01 22:41 - 06364713 _____ () C:\Users\Marion\Downloads\Philip-Pullman---Der-Goldene-Kompass.rar
2014-08-31 19:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-31 18:56 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-08-30 21:57 - 2014-08-30 21:47 - 32698830 _____ () C:\Users\Marion\Downloads\JoanneKRowHarry P.Gesamtausg.19.7.14.rar
2014-08-30 21:50 - 2014-08-30 21:50 - 04308696 _____ () C:\Users\Marion\Downloads\Philip-Pullman---Das-Magische-Messer.rar
2014-08-30 19:55 - 2014-06-27 19:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 21:28 - 2014-08-27 21:28 - 00001199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
2014-08-27 21:28 - 2014-07-26 20:42 - 00000000 ____D () C:\ProgramData\NCH Software
2014-08-27 21:28 - 2014-07-26 20:42 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-08-27 21:27 - 2014-08-27 21:27 - 03701908 _____ () C:\Users\Marion\Downloads\Love_01_-_Fischer.rar
2014-08-24 14:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-23 02:42 - 2014-09-04 18:06 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-21 19:04 - 2014-06-25 17:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-21 19:01 - 2014-06-25 17:57 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-20 20:25 - 2014-08-20 20:25 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-20 20:25 - 2014-06-28 17:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Apple Computer
2014-08-20 19:38 - 2014-08-20 19:37 - 00049664 _____ () C:\Users\Marion\Downloads\FaMI  3. AJ 2014-15.xls

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptsvm4w.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 23:48

==================== End Of Log ============================
         

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-18 19:41:04
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000001c ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB
Running: y6xww3w3.exe; Driver: C:\Users\Marion\AppData\Local\Temp\fxryrpog.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                                                                        fffff960000be700 15 bytes [40, B5, F7, 01, 80, 39, 70, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                   fffff960000be710 11 bytes [00, 15, FC, FF, 00, 27, C3, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\atiesrxx.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                           00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                           00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                              00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                              00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[468] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                           00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[468] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                           00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[468] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                              00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[468] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                              00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1284] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                           00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1284] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                           00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1284] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                              00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1284] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                              00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                       00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                       00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                          00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                          00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                   00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                   00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                      00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                      00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                                                         00007ffc289d1f6a 4 bytes [9D, 28, FC, 7F]
.text    C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                                                         00007ffc289d1f82 4 bytes [9D, 28, FC, 7F]
.text    C:\Windows\System32\igfxpers.exe[3652] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                          00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\System32\igfxpers.exe[3652] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                          00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\System32\igfxpers.exe[3652] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                             00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\System32\igfxpers.exe[3652] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                             00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\RTFTrack.exe[3712] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                   00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\RTFTrack.exe[3712] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                   00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\RTFTrack.exe[3712] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                      00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\Windows\RTFTrack.exe[3712] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                      00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                             00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                             00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3736] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                          00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                          00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                             00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                             00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3124] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                     00007ffc3416169a 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3124] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                     00007ffc341616a2 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3124] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                        00007ffc3416181a 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3124] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                        00007ffc34161832 4 bytes [16, 34, FC, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3124] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                           00007ffc289d1f6a 4 bytes [9D, 28, FC, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3124] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                           00007ffc289d1f82 4 bytes [9D, 28, FC, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [588:612]                                                                                                                                                                                fffff960008bfb90
---- Processes - GMER 2.1 ----

Process  C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2900] (FILE NOT FOUND)                                                         0000000000400000
Library  C:\Users\Marion\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2900](2014-08-15 18:46:08)                                                0000000003dd0000
Library  c:\users\marion\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptsvm4w.dll (*** suspicious ***) @ C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2900](2014-09-18 16:33:55)  00000000043c0000
Library  C:\Users\Marion\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2900](2013-08-23 19:01:44)                                                      000000006d4d0000
Library  C:\Users\Marion\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Marion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2900] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        000000006f180000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----