Log analysis and evaluation: Windows 8: McAfee detects various viruses and Trojans, including PUP.FNK and PUP.FKS. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.11.2014, 14:52 | #1 |
Windows 8: McAfee detects various viruses and Trojans, including PUP.FNK and PUP.FKS

Hello Trojaner-Board forum, a good two weeks ago I had an ad-spam problem in my browser (Opera). I then read up on it on the Internet and downloaded and ran Adware Cleaner; since then the ads in my browser have disappeared. However, I was then worried about the general security of my PC and therefore had McAfee run a full scan. Several viruses and Trojans were detected, including PUP.FNK and PUP.FKS. McAfee moved everything into quarantine. Nevertheless, I would like to have these threats removed safely and, above all, would like to be sure that my PC is now completely secure. That is why I am turning to the Trojaner-Board forum. Of course I have carried out all the prescribed steps; here are the logs. Unfortunately, I could find neither the AdwareCleaner log nor the McAfee one.

Defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:43 on 28/11/2014 (Johanna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Johanna (administrator) on JOHANNASPC on 28-11-2014 13:49:12 Running from C:\Users\Johanna\Desktop Loaded Profile: Johanna (Available profiles: Johanna) Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe () C:\Program Files (x86)\Opera\26.0.1656.24\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe (Opera Software) 
C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\AdobeRevel.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-13] (AVAST Software) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.) 
HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Gameo] => C:\Users\Johanna\AppData\Roaming\Gameo\gameo.exe "C:\Users\Johanna\AppData\Roaming\Gameo\gameo.dat" mode:minimized HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Spotify Web Helper] => C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-24] (Spotify Ltd) HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Yahoo! Search] => C:\Users\Johanna\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735 HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {5D310720-BB6B-4C67-89CE-39F850BB3EAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default FF DefaultSearchEngine: Yahoo! Search FF SelectedSearchEngine: Yahoo! 
Search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Johanna\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml FF Extension: Browse Safe - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\Extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962} [2014-09-01] FF Extension: focusbase - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\Extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi [2014-09-23] FF Extension: App Bud - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\Extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi [2014-10-03] FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-08-31] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-06] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\ver9BlockAndSurf\178.xpi [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV= CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV=" CHR DefaultSearchKeyword: Default -> trovi.com CHR DefaultSearchURL: 
Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=58&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&q={searchTerms}&SSPV= CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR Profile: C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29] CHR Extension: (Google Drive) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29] CHR Extension: (Google-Suche) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29] CHR Extension: (BlockAndSurf) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jakgohcoccmgmhiagfgkhmnnmnolalal [2014-08-31] CHR Extension: (Google Wallet) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29] CHR Extension: (focusbase) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oedbdopeomhfdadjfjalggcfjnfkilbn [2014-10-28] CHR Extension: (Google Mail) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows (R) Win 7 DDK provider) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-09] (AVAST Software) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [152272 2014-09-18] (Dell Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-20] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-09] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-08] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-06] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) 
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S1 ttnfd; system32\drivers\ttnfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-28 13:49 - 2014-11-28 13:49 - 00020146 _____ () C:\Users\Johanna\Desktop\FRST.txt 2014-11-28 13:48 - 2014-11-28 13:49 - 00000000 ____D () C:\FRST 2014-11-28 13:47 - 2014-11-28 13:47 - 02117632 _____ (Farbar) C:\Users\Johanna\Desktop\FRST64.exe 2014-11-28 13:43 - 2014-11-28 13:43 - 00000476 _____ () C:\Users\Johanna\Desktop\defogger_disable.log 2014-11-28 13:43 - 2014-11-28 13:43 - 00000000 _____ () C:\Users\Johanna\defogger_reenable 2014-11-28 13:40 - 2014-11-28 13:40 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe 2014-11-28 13:33 - 2014-11-28 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-11-23 19:10 - 2014-11-23 19:10 - 00000000 ___RD () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-11-23 17:06 - 2014-11-23 17:10 - 00000000 ____D () C:\AdwCleaner 2014-11-23 17:06 - 2014-11-23 17:07 - 02138708 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (1).exe 2014-11-23 17:06 - 2014-11-23 17:06 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (2).exe 2014-11-23 17:03 - 2014-11-23 17:04 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101.exe 2014-11-23 16:05 - 2014-11-23 16:05 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Macromedia 2014-11-19 11:15 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 11:15 - 2014-11-10 00:19 - 
00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 11:15 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 11:15 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 11:09 - 2014-11-19 11:09 - 00000000 __SHD () C:\Users\Johanna\AppData\Local\EmieBrowserModeList 2014-11-16 12:56 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-16 12:56 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-16 12:56 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-16 12:56 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-16 12:56 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-16 12:55 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-16 12:55 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-16 12:55 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-16 12:55 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-16 12:55 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-16 12:55 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-16 12:55 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-16 12:55 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-16 12:55 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-16 12:55 - 2014-10-18 07:23 - 00095744 _____ (Microsoft 
Corporation) C:\Windows\system32\wudriver.dll 2014-11-16 12:55 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-16 12:55 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-16 12:55 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-16 12:55 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-16 12:55 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-16 12:55 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-16 12:55 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-16 12:55 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-16 12:55 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-16 12:55 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-16 12:55 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-16 12:55 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-16 12:55 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-16 12:55 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-16 12:55 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-16 12:55 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-16 12:55 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-16 12:55 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) 
C:\Windows\system32\appinfo.dll 2014-11-16 12:55 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-16 12:55 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-16 12:55 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-16 12:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-16 12:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-16 12:55 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-16 12:55 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-16 12:55 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-16 12:55 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-16 12:55 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-16 12:55 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-16 12:54 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-16 12:54 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-16 12:54 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-16 12:54 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-16 12:54 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-16 12:54 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-16 12:54 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\winshfhc.dll 2014-11-16 12:53 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-16 12:53 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-16 12:53 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-16 12:53 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-16 12:53 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-16 12:53 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-16 12:53 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-16 12:53 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-16 12:53 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-16 12:53 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-16 12:53 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-16 12:53 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-16 12:53 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-16 12:53 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-16 12:53 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-16 12:53 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-16 12:53 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-16 12:53 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-11-16 12:53 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-16 12:53 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-16 12:53 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-16 12:53 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-16 12:53 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-16 12:53 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-16 12:53 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-16 12:53 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-16 12:53 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-16 12:53 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-16 12:53 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-16 12:53 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-16 12:53 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-16 12:53 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-16 12:53 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-16 12:53 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-16 12:53 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-16 12:53 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 
2014-11-16 12:53 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-16 12:52 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-16 12:52 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-16 12:52 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-16 12:52 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-16 12:52 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-16 12:52 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-16 12:52 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-16 12:52 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-16 12:52 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-16 12:52 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-16 12:52 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-16 12:52 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 12:52 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-16 12:52 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-16 12:52 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-11-16 12:52 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-16 12:52 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 12:52 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-16 12:52 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-16 12:52 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-16 12:52 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-16 12:52 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-16 12:52 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-16 12:52 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-16 12:52 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-16 12:52 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-11-16 12:52 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 12:52 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-16 12:52 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-16 12:52 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-16 12:52 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-16 12:52 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-16 12:52 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-16 12:52 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-16 12:52 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-16 12:52 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-16 12:52 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-16 12:52 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-16 12:52 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-16 12:52 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-16 12:52 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-16 12:52 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-16 12:52 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-16 12:52 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-16 12:52 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-16 12:52 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-16 12:52 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-16 12:52 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-16 12:52 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-16 12:52 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-16 12:52 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-16 12:52 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-16 12:52 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-16 12:52 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-16 12:52 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-16 12:52 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-16 12:52 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-16 12:52 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-16 12:52 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-16 12:52 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-16 12:52 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-16 12:52 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-16 12:52 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-16 12:52 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-16 12:52 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-16 12:52 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-16 12:52 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-16 12:52 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-16 12:52 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-16 12:52 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-16 12:52 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 12:52 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-16 12:52 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-16 12:52 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-16 12:52 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-16 12:52 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-16 12:52 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-16 12:52 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-16 12:52 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-16 12:52 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-16 12:52 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-16 12:52 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-16 12:52 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-16 12:52 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-16 12:52 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-16 12:52 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-16 12:52 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-16 12:52 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-16 12:52 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-16 12:52 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-16 12:52 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-16 12:52 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-16 12:52 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-16 12:52 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-16 12:52 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-16 12:52 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-16 12:52 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-16 12:52 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-16 12:52 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-16 12:52 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-16 12:52 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-03 19:18 - 2014-11-27 18:27 - 00016575 _____ () C:\Windows\system32\lvcoinst.log
2014-11-03 19:18 - 2014-11-03 19:18 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-10-31 22:43 - 2014-10-31 22:43 - 00612340 _____ (CMI Limited) C:\Users\Johanna\AppData\Local\nsv8CDF.tmp
2014-10-31 19:37 - 2014-10-31 19:37 - 00000000 ____D () C:\Users\Johanna\Documents\CyberLink
2014-10-31 19:37 - 2014-10-31 19:37 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\CyberLink
2014-10-31 19:37 - 2014-10-31 19:37 - 00000000 ____D () C:\Users\Johanna\AppData\Local\CyberLink
2014-10-30 16:38 - 2014-10-30 16:38 - 00000000 ____D () C:\Users\Johanna\Documents\Electronic Arts
2014-10-30 16:36 - 2014-10-30 16:36 - 00002220 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Showtime.lnk
2014-10-30 16:29 - 2014-10-30 16:29 - 00002274 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2014-10-30 16:22 - 2014-10-30 16:22 - 00002292 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2014-10-30 16:15 - 2014-10-30 16:15 - 00002256 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
2014-10-30 16:11 - 2014-10-30 16:11 - 00002256 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
2014-10-30 16:07 - 2014-10-30 16:07 - 00002238 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
2014-10-30 16:00 - 2014-10-30 16:00 - 00002338 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Wildes Studentenleben.lnk
2014-10-30 15:50 - 2014-10-30 15:50 - 00002114 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-10-30 15:14 - 2014-10-30 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-29 15:23 - 2014-10-29 15:23 - 00000000 ____D () C:\ProgramData\EmailNotifier
2014-10-29 14:06 - 2014-10-29 14:06 - 00612252 _____ (CMI Limited) C:\Users\Johanna\AppData\Local\nse627E.tmp
2014-10-29 13:52 - 2014-10-29 13:52 - 00000000 ____D () C:\ProgramData\EA Core
2014-10-29 13:50 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-29 13:50 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-29 13:50 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-29 13:50 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-29 13:50 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 13:50 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-29 13:50 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-29 13:50 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-29 13:50 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-29 13:50 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-29 13:50 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-29 13:49 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-29 13:49 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-29 13:49 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-29 13:49 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-29 13:49 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-29 13:49 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-29 13:49 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-29 13:49 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-29 13:49 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-29 13:49 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-29 13:49 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-29 13:49 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 13:49 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-29 13:49 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-29 13:49 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-29 13:49 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-29 13:49 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-29 13:49 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-29 13:49 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-29 13:45 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-29 13:45 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-29 13:45 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-29 13:40 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-29 13:40 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-29 13:26 - 2014-10-29 13:26 - 00612252 _____ (CMI Limited) C:\Users\Johanna\AppData\Local\nsnDD09.tmp
2014-10-29 13:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-29 13:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-10-29 13:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-29 13:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-29 13:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-28 13:48 - 2014-08-06 02:15 - 01458489 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 13:43 - 2014-08-24 17:39 - 00000000 ____D () C:\Users\Johanna
2014-11-28 13:39 - 2014-08-29 12:56 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 13:38 - 2014-08-24 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1306114221-2738080776-3084928801-1001
2014-11-28 13:32 - 2014-08-24 17:43 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48ECAB51-DE82-47B0-B45B-C8D6F76C3A2F}
2014-11-28 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-27 18:40 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-27 18:39 - 2014-08-29 12:56 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 18:30 - 2014-08-24 18:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-26 07:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-25 20:24 - 2014-10-03 14:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 20:24 - 2014-10-03 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 07:17 - 2014-09-09 13:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-23 19:21 - 2014-08-06 03:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-11-23 19:12 - 2014-08-06 03:00 - 00048504 _____ () C:\Windows\SysWOW64\Gms.log
2014-11-23 19:11 - 2014-08-06 03:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-23 19:10 - 2014-08-29 12:56 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 19:10 - 2014-08-24 18:41 - 00000000 ___RD () C:\Users\Johanna\Dropbox
2014-11-23 19:10 - 2014-08-24 18:15 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox
2014-11-23 19:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 17:11 - 2014-08-06 02:11 - 00039552 _____ () C:\Windows\PFRO.log
2014-11-23 17:10 - 2014-08-24 17:51 - 00001118 _____ () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-23 17:10 - 2014-08-24 17:51 - 00001088 _____ () C:\Users\Johanna\Desktop\Search.lnk
2014-11-23 17:08 - 2014-09-09 13:12 - 00000000 ____D () C:\Program Files (x86)\App Bud
2014-11-23 17:04 - 2014-09-13 11:55 - 00000000 ____D () C:\Users\Johanna\AppData\Local\CrashDumps
2014-11-23 16:52 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2014-11-23 15:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-23 15:50 - 2014-08-06 03:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-23 14:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-23 12:05 - 2014-09-09 13:13 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-20 21:51 - 2014-09-09 12:42 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2014-09-09 12:42 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 16:10 - 2014-08-24 18:05 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408899904
2014-11-20 16:10 - 2014-08-24 18:05 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-19 11:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-19 11:02 - 2013-08-22 15:44 - 00387328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 18:08 - 2014-09-07 18:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-16 13:07 - 2014-08-24 18:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 13:04 - 2014-09-07 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 13:02 - 2014-09-07 18:29 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-16 12:43 - 2014-08-24 18:41 - 00001037 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk
2014-11-16 12:43 - 2014-08-24 18:16 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-08 16:21 - 2014-08-24 18:13 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Skype
2014-11-08 14:01 - 2014-10-28 18:50 - 00000000 ____D () C:\ProgramData\7975a309-80f8-4422-b6b0-af4fcaf5cd46
2014-11-03 19:21 - 2014-08-06 02:25 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 19:21 - 2013-09-03 14:39 - 00763218 _____ () C:\Windows\system32\perfh007.dat
2014-11-03 19:21 - 2013-09-03 14:39 - 00159364 _____ () C:\Windows\system32\perfc007.dat
2014-11-03 19:19 - 2013-08-22 15:46 - 00015421 _____ () C:\Windows\setupact.log
2014-11-01 15:08 - 2014-08-06 02:53 - 00003722 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-11-01 15:08 - 2014-08-06 02:53 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-10-31 19:38 - 2014-08-06 02:58 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-30 19:24 - 2014-08-24 18:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-30 16:31 - 2014-10-28 10:43 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-10-30 16:31 - 2014-08-06 02:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-30 16:00 - 2014-10-28 12:22 - 00000997 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-10-30 16:00 - 2014-10-28 12:22 - 00000000 ____D () C:\ProgramData\Origin
2014-10-30 16:00 - 2014-10-28 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-10-30 16:00 - 2014-10-28 12:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-30 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-30 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-30 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-30 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-30 10:31 - 2014-08-06 03:04 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-29 15:22 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Mozilla
2014-10-29 13:31 - 2013-08-22 20:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 13:31 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-29 13:31 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-29 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-10-29 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-10-29 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2014-10-29 13:31 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-29 12:59 - 2014-08-29 13:56 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Johanna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Johanna\AppData\Local\Temp\COMAP.EXE
C:\Users\Johanna\AppData\Local\Temp\dlLogic.exe
C:\Users\Johanna\AppData\Local\Temp\dltr.exe
C:\Users\Johanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvpqinv.dll
C:\Users\Johanna\AppData\Local\Temp\GCVerifier.dll
C:\Users\Johanna\AppData\Local\Temp\ins9D9A.tmp.exe
C:\Users\Johanna\AppData\Local\Temp\installerdll8378515.dll
C:\Users\Johanna\AppData\Local\Temp\installerdll8384828.dll
C:\Users\Johanna\AppData\Local\Temp\optprosetup.exe
C:\Users\Johanna\AppData\Local\Temp\ose00000.exe
C:\Users\Johanna\AppData\Local\Temp\post1.exe
C:\Users\Johanna\AppData\Local\Temp\post2.dll
C:\Users\Johanna\AppData\Local\Temp\post2.exe
C:\Users\Johanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Johanna\AppData\Local\Temp\rootsupd.exe
C:\Users\Johanna\AppData\Local\Temp\Setup.exe
C:\Users\Johanna\AppData\Local\Temp\sqlite3.dll
C:\Users\Johanna\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Johanna\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Johanna\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Johanna\AppData\Local\Temp\verifier.exe
C:\Users\Johanna\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 14:17

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Johanna at 2014-11-28 13:50:01
Running from C:\Users\Johanna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - PriceMeter) Hidden <==== ATTENTION
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
MySafeProxy for Internet Explorer (HKLM-x32\...\{2535ED3F-5ADD-4A65-B07F-82F04C7358E7}) (Version: 1.0.6 - XTRM Group Ltd.) <==== ATTENTION
Opera Stable 26.0.1656.24 (HKLM-x32\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Shopping Helper Smartbar (HKLM-x32\...\{16F8A832-DD84-4271-8B76-ACADE6DB3968}) (Version: 11.82.63.17791 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 07-11-2014 13:52:55 Scheduled Checkpoint 16-11-2014 11:59:23 Windows Update 23-11-2014 15:26:58 Removed MySafeProxy for Internet Explorer 27-11-2014 17:40:13 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0BD03B63-AE51-4204-B893-279DFAFDAA94} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {40DDD976-6DD4-4B69-8D04-A6DAA864F541} - System32\Tasks\Opera scheduled Autoupdate 1408899904 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-20] (Opera Software) Task: {74BC64DE-57A3-406D-9B4D-202A5B20E6D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated) Task: {7EA815A2-6BF3-47D9-A729-A94363F38976} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {93C6AC38-50EA-43BD-941E-03713910E59C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {941C35F2-8B57-44BF-8B4F-6F74822A7C93} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {9D6FBD4C-AA99-43B4-AC83-FA04A0D7E34D} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-09] (AVAST Software) Task: {AD5EA72D-F1D7-44B7-B7BA-57C068B152F7} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {BCF4179E-D99E-4EA2-9ACF-4520449BF4C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-16] (Microsoft Corporation) Task: {C8A79AF3-60E3-45EF-A265-93974C31BB94} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.) Task: {D2A4E0BB-6725-43CC-80DF-F440D3222EFD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {D916DF9D-4CFA-48C0-81EE-DA9E7FA569C4} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {E10E826E-C912-442F-8A63-08D906E9A095} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.) Task: {F9701AAC-0812-46C0-922D-66935CFBCB5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.) Task: {F9B45DFC-1CCB-4132-A9F0-D57820F5D3E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-06 02:15 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-08-06 03:08 - 2014-03-12 20:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2014-08-06 03:08 - 2014-03-12 20:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll 2014-01-10 23:24 - 2014-01-10 23:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll 2014-01-10 23:24 - 2014-01-10 23:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll 2013-07-31 05:59 - 2013-07-31 05:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-07-31 05:55 - 2013-07-31 05:55 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-07-31 06:04 - 2013-07-31 06:04 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2014-11-23 12:07 - 2014-11-23 
12:07 - 00081920 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_4.0.140.1_x64__n49tcsmxt2t2c\McCloudShim.dll 2014-10-31 13:28 - 2014-10-31 13:28 - 00229504 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_4.0.140.1_x64__n49tcsmxt2t2c\McIHART.dll 2014-08-06 03:08 - 2014-04-30 18:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2014-11-20 16:10 - 2014-11-20 16:09 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.24\opera_crashreporter.exe 2014-08-26 12:51 - 2014-08-26 12:51 - 01439744 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\AdobeRevel.exe 2013-08-22 08:19 - 2013-08-22 07:54 - 00792064 _____ () C:\Windows\system32\WinMetadata\Windows.UI.Xaml.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00134144 _____ () C:\Windows\system32\WinMetadata\Windows.ApplicationModel.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00096256 _____ () C:\Windows\system32\WinMetadata\Windows.Storage.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00030208 _____ () C:\Windows\system32\WinMetadata\Windows.Foundation.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd 2014-08-26 12:51 - 2014-08-26 12:52 - 00248832 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\ServiceInterface.DLL 2014-08-26 12:51 - 2014-08-26 12:52 - 00062976 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\WichitaModels.winmd 2014-08-26 12:51 - 2014-08-26 12:52 - 25812992 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\WichitaModels.dll 2014-08-26 12:51 - 2014-08-26 12:51 - 01932288 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\core_winrt.dll 2014-08-26 12:51 - 2014-08-26 12:51 
- 00246272 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\analytics_winrt.dll 2014-08-26 12:51 - 2014-08-26 12:52 - 00265216 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\imaging_winrt.dll 2014-08-26 12:51 - 2014-08-26 12:52 - 00870912 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\oz_client_winrt.dll 2014-08-26 12:51 - 2014-08-26 12:52 - 00945152 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\wfsqlite_winrt.dll 2014-08-26 12:51 - 2014-08-26 12:52 - 00315904 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\web_winrt.dll 2014-08-26 12:51 - 2014-08-26 12:51 - 00386560 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\AgKernel.dll 2014-08-26 12:51 - 2014-08-26 12:52 - 00005632 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\VideoCore.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00054784 _____ () C:\Windows\system32\WinMetadata\Windows.Globalization.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00169472 _____ () C:\Windows\system32\WinMetadata\Windows.Devices.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00020480 _____ () C:\Windows\system32\WinMetadata\Windows.System.winmd 2014-08-26 12:51 - 2014-08-26 12:52 - 00021504 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\UtilityComponent.winmd 2014-08-26 12:51 - 2014-08-26 12:52 - 00124416 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\OzComponent.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00066560 _____ () C:\Windows\system32\WinMetadata\Windows.Security.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00050176 _____ () 
C:\Windows\system32\WinMetadata\Windows.Data.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00049664 _____ () C:\Windows\system32\WinMetadata\Windows.Graphics.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00112640 _____ () C:\Windows\system32\WinMetadata\Windows.Networking.winmd 2013-08-22 08:19 - 2013-08-22 07:54 - 00121344 _____ () C:\Windows\system32\WinMetadata\Windows.Media.winmd 2014-08-26 12:51 - 2014-08-26 12:52 - 00389632 _____ () C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga\VideoCore.dll 2014-09-09 13:13 - 2014-09-09 13:13 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-11-23 19:07 - 2014-11-23 19:07 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112301\algo.dll 2014-11-26 07:46 - 2014-11-26 07:46 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112501\algo.dll 2014-09-09 13:13 - 2014-09-09 13:13 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-11-23 19:10 - 2014-11-23 19:10 - 00043008 _____ () c:\users\johanna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvpqinv.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Johanna\AppData\Roaming\Dropbox\bin\libcef.dll 2014-08-06 02:59 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 19:41 - 2013-03-05 19:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-04-10 22:30 - 2014-04-10 22:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2014-02-20 02:51 - 2014-02-20 02:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-08-06 03:08 - 2013-12-18 01:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2014-08-06 03:08 - 2012-11-26 07:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and 
Recovery\Components\Restore\libxml2.dll 2014-08-06 03:08 - 2012-11-26 07:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2014-11-20 16:10 - 2014-11-20 16:09 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.24\message_center_win8.dll 2014-11-20 16:10 - 2014-11-20 16:09 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.24\libglesv2.dll 2014-11-20 16:10 - 2014-11-20 16:09 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.24\libegl.dll 2014-11-20 16:10 - 2014-11-20 16:09 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.24\pdf.dll 2014-11-20 16:10 - 2014-11-20 16:09 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.24\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1306114221-2738080776-3084928801-500 - Administrator - Disabled) Guest (S-1-5-21-1306114221-2738080776-3084928801-501 - Limited - Disabled) Johanna (S-1-5-21-1306114221-2738080776-3084928801-1001 - Administrator - Enabled) => C:\Users\Johanna ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/28/2014 01:39:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/27/2014 07:18:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. 
The specified account already exists. Error: (11/27/2014 06:39:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/26/2014 07:50:57 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/26/2014 07:39:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/25/2014 05:18:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/25/2014 02:39:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/25/2014 02:11:29 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/24/2014 06:57:36 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (11/24/2014 07:39:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. 
System errors: ============= Error: (11/28/2014 01:31:03 PM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (11/27/2014 06:49:52 PM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (11/27/2014 06:41:09 PM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (11/27/2014 06:40:39 PM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (11/27/2014 06:27:13 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{6491454B-3916-423F-9FB3-7FCCF553179C} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (11/25/2014 02:18:16 PM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (11/25/2014 02:17:46 PM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (11/24/2014 07:27:33 AM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (11/24/2014 07:27:03 AM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (11/23/2014 07:11:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft Office File Validation Add-in Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 33% Total physical RAM: 8143.21 MB Available physical RAM: 5387.37 MB Total Pagefile: 10703.21 MB Available Pagefile: 
6666.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:915.38 GB) (Free:837.04 GB) NTFS
Drive i: (PBR Image) (Fixed) (Total:13.48 GB) (Free:0.67 GB) NTFS
Drive j: (Dell Portable Hard Drive) (Fixed) (Total:931.51 GB) (Free:924.23 GB) NTFS
Drive l: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive y: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D2F52B02)
Partition: GPT Partition Type.
========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 7E166D55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================

That is everything I have for now. Many thanks in advance. Kind regards, Johanna15
28.11.2014, 14:58 | #2 |
/// the machine /// TB instructor | Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
30.11.2014, 11:48 | #3 |
| I have carried out all the steps; here are the logs:
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 28.11.2014 Scan Time: 17:29:56 Logfile: mbam.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.28.05 Rootkit Database: v2014.11.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Johanna Scan Type: Threat Scan Result: Completed Objects Scanned: 326187 Time Elapsed: 9 min, 31 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 3 PUP.Optional.SmartBar, C:\Windows\Installer\MSIE10E.tmp, Delete-on-Reboot, [30f5d8695f1dec4ac89ce74728d87f81], PUP.Optional.SmartBar, C:\Windows\Installer\MSIE10E.tmp, Delete-on-Reboot, [30f5d8695f1dec4ac89ce74728d87f81], PUP.Optional.SmartBar, C:\Windows\Installer\MSIE10E.tmp-\Smartbar.Installer.CustomActions.dll, Delete-on-Reboot, [7da84df43e3e3afc3b29d95554acb14f], Registry Keys: 9 PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}, Quarantined, [b570ad94522a9e98f24f5b6612f04db3], PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\CLASSES\MySafeProxy.MySafeProxy, Quarantined, [8e97330e8af29e98c808dbe59d657d83], PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\CLASSES\MySafeProxy.MySafeProxy.1, Quarantined, [d94cbc85e696aa8c448cb0106b9750b0], PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySafeProxy.MySafeProxy, Quarantined, [d94cbc85e696aa8c448cb0106b9750b0], PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySafeProxy.MySafeProxy.1, Quarantined, [d94cbc85e696aa8c448cb0106b9750b0], PUP.Optional.FocusBase.A, HKLM\SOFTWARE\WOW6432NODE\focusbase, Quarantined, [170ee0613349a0961520773d35cf9b65], PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, Quarantined, [95905de485f7a195b67c9db0da292dd3], 
PUP.Optional.FocusBase.A, HKU\S-1-5-21-1306114221-2738080776-3084928801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\focusbase, Quarantined, [53d23b063844999d89adf7bdf50f08f8], PUP.Optional.FastStart.A, HKU\S-1-5-21-1306114221-2738080776-3084928801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [c461410081fb57dfe0e73814d132c838], Registry Values: 4 PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, Quarantined, [95905de485f7a195b67c9db0da292dd3] PUP.Optional.Gameo.A, HKU\S-1-5-21-1306114221-2738080776-3084928801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Gameo, C:\Users\Johanna\AppData\Roaming\Gameo\gameo.exe "C:\Users\Johanna\AppData\Roaming\Gameo\gameo.dat" mode:minimized, Quarantined, [1c095be6d1ab72c45566f5bb6b992ad6] PUP.Optional.PayByAds.A, HKU\S-1-5-21-1306114221-2738080776-3084928801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yahoo! Search, C:\Users\Johanna\AppData\Local\Pay-By-Ads\Yahoo! 
Search\1.3.15.4\dsrlte.exe, Quarantined, [1e07073adba10432ce0e2c1a768dca36] PUP.Optional.FastStart.A, HKU\S-1-5-21-1306114221-2738080776-3084928801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [c461410081fb57dfe0e73814d132c838] Registry Data: 2 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[33f25be61d5f4ceae7912534db2a8a76] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[8d98ff42097386b0ed8b035614f12ed2] Folders: 20 PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\apps, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\apps\EULA, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\apps\EULA\net.vmn.www.alexa, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\coupons, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\search, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, 
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\weather, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.Extutil.A, C:\Users\Johanna\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [ab7a370a403cb87ea5d3f63145be5fa1], PUP.Optional.Managera.A, C:\Users\Johanna\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [0e1720212854c76fbcbd77b011f28c74], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\CanvasFramework, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\icons, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.MySafeProxy.A, C:\Windows\Temp\XTRM Group Ltd, Quarantined, [879eb48d750769cdd47661d8857e57a9], PUP.Optional.MySafeProxy.A, C:\Windows\Temp\XTRM Group Ltd\MySafeProxy, Quarantined, [879eb48d750769cdd47661d8857e57a9], PUP.Optional.MySafeProxy.A, C:\Windows\Temp\XTRM Group 
Ltd\MySafeProxy\1.0.11.0, Quarantined, [879eb48d750769cdd47661d8857e57a9], PUP.Optional.MySafeProxy.A, C:\Windows\Temp\XTRM Group Ltd\MySafeProxy\1.0.11.0\rollback, Quarantined, [879eb48d750769cdd47661d8857e57a9], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com, Quarantined, [58cde061c6b61c1a5e721924af544db3], Files: 112 PUP.Optional.SmartBar, C:\Windows\Installer\MSIE10E.tmp, Delete-on-Reboot, [30f5d8695f1dec4ac89ce74728d87f81], PUP.Optional.SmartBar, C:\Windows\Installer\MSIE10E.tmp-\Smartbar.Installer.CustomActions.dll, Delete-on-Reboot, [7da84df43e3e3afc3b29d95554acb14f], PUP.Optional.Conduit.A, C:\Users\Johanna\AppData\Local\Temp\dlLogic.exe, Quarantined, [db4a69d8ea9259dd00f395ad36ca4eb2], PUP.Optional.Conduit.A, C:\Users\Johanna\AppData\Local\Temp\dltr.exe, Quarantined, [bb6a340dd7a5a98d1cd8c77bc33d3ac6], PUP.Optional.GratifyingApps.A, C:\Users\Johanna\AppData\Local\Temp\ins9D9A.tmp.exe, Quarantined, [47dee061601c0432041dfccaf40d6f91], PUP.Optional.MyPCBackup.A, C:\Users\Johanna\AppData\Local\Temp\BackupSetup.exe, Quarantined, [2ff6a39e7ffd082ec1a4499703fef60a], PUP.Optional.Conduit.A, C:\Users\Johanna\AppData\Local\Temp\verifier.exe, Quarantined, [ff26b68b3e3e231310e460e2e41ce11f], PUP.Optional.Conduit.A, C:\Users\Johanna\AppData\Local\Temp\GCVerifier.dll, Quarantined, [43e256eb5e1e89ad8f63330f8d731de3], PUP.Optional.SmartBar, C:\Users\Johanna\AppData\Local\Temp\MSIA04F.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [be6739081e5ee84e40245ad440c038c8], PUP.Optional.MySafeProxy.A, C:\Users\Johanna\AppData\Local\Temp\D69Btmp\msp-bootstrap.exe, Quarantined, [8d983b06720ac96d128bb02440c1a55b], PUP.Optional.SearchHijacker.A, C:\Users\Johanna\AppData\Local\Temp\is45637729\3195990_stp\Aug27_sweet-page.exe, Quarantined, [33f299a80d6f6fc71004734738c9817f], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Local\Temp\D683tmp\mystarttb_5.4.1.4_sambamedia.exe, Quarantined, [a87d55ec96e6979fcf521549fa0703fd], 
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Quarantined, [022373cee49852e452d88c1c52af03fd], PUP.Optional.SmartBar, C:\Windows\Installer\MSIA04F.tmp, Quarantined, [170ee8596b115cdad98b31fd976954ac], PUP.Optional.SnapDo.A, C:\Windows\Installer\b5786.msi, Delete-on-Reboot, [949182bf68142c0a3146366915ec28d8], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\!vitruvian-csp.js, Quarantined, [d352142d146800365ebae957e61d2ad6], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\Mozilla Firefox\defaults\preferences\!vitruvian-csp.js, Quarantined, [a0853809126aee48da3fe858e12229d7], PUP.Optional.MyStart.A, C:\Users\Johanna\AppData\Local\Temp\mystart-manifest.xml, Quarantined, [8b9ad46dbcc0181e78ebcd7c0af939c7], PUP.Optional.MyStart.A, C:\Users\Johanna\AppData\Local\Temp\mystart-toolbar.xml, Quarantined, [bc693f027a02eb4b174dc68338cbc838], PUP.Optional.AppBud.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi, Quarantined, [200560e1e69600364fd1bc8f4bb814ec], PUP.Optional.Proxy.A, C:\Users\Johanna\AppData\Local\proxy.log, Quarantined, [52d33110304cd165a61b70e2d231bf41], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnbaolfhobbbokdcmfiplbokkokobjgc_0.localstorage, Quarantined, [a77e5de46d0f5bdb1bdce272649fca36], PUP.Optional.FocusBase.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi, Quarantined, [ec39e55ca1dbb97dac570951bd4621df], PUP.Optional.MyStartTB.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml, Quarantined, [e83d9fa2fe7e68cedf9c691662a1c937], PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, Quarantined, [65c07ac75e1e86b01d862188c73df20e], PUP.Optional.SearchProtect, 
C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [1411b28fb2ca79bdb99cc9f039cb6e92], PUP.Optional.ReMarkable.A, C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [8e97350cc4b87bbbaf8c0eac976d6a96], PUP.Optional.ReMarkable.A, C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [fc2992af1567d5616bd05c5e7c889f61], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\alert.json, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\geodata.xml, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\guid.dat, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\preferences.dat, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\stats.dat, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\uninstallFF.dat, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\version.xml, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\weatherbutton_prefs.xml, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, 
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\apps\EULA\net.vmn.www.alexa\AlexaAppEULA.txt, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\coupons\merchants.txt, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\coupons\notifications.dat, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\search\mystarttb-search-history.xml, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\weather\65cb65af5c80b49bae5aeea84ccbf584, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\weather\f402b901d6bccb492c9fcd83d0b74fad, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\weather\forecasts_cache.xml, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.MyStartTB.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\mystarttb\weather\observations_cache.xml, Quarantined, [6fb654ed601c4fe7fd47c84de12250b0], PUP.Optional.Extutil.A, C:\Users\Johanna\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [ab7a370a403cb87ea5d3f63145be5fa1], PUP.Optional.Extutil.A, C:\Users\Johanna\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [ab7a370a403cb87ea5d3f63145be5fa1], PUP.Optional.Extutil.A, C:\Users\Johanna\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [ab7a370a403cb87ea5d3f63145be5fa1], 
PUP.Optional.Managera.A, C:\Users\Johanna\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [0e1720212854c76fbcbd77b011f28c74], PUP.Optional.Managera.A, C:\Users\Johanna\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [0e1720212854c76fbcbd77b011f28c74], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\background.html, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\bootstrap.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\chrome.manifest, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\extension_info.json, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\install.rdf, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\appAPI_bg.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\appAPI_browseraction.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, 
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\appAPI_common.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\appAPI_content.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\appAPI_settings.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\appAPI_webrequest.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\AppFramework\jquery.min.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\CanvasFramework\canvasscript_engine.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\CanvasFramework\canvas_bg.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\CanvasFramework\md5.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, 
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\CanvasFramework\registry.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\CanvasFramework\webrequest.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\backgroundscript_engine.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\base.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\browser.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\chrome_windows.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\console.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\content_proxy.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\framework.js, Quarantined, 
[51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\i18n.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\invoke_async.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\io.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\lang.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\legacy.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\message_target.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\messaging.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\storage.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\timer.js, 
Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\uninstall.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\userscript_client.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\userscript_engine.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\utils.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework\xhr.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\browser_button.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\contentNotification.tmpl, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\contentNotificationStyle.tmpl, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, 
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\content_notifications.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\context_menu.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\framework_api.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\notifications.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\options.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\framework-ui\ui_base.js, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\icons\button.png, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\icons\icon100.png, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\icons\icon128.png, Quarantined, 
[51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\icons\icon32.png, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.BrowseSafe.A, C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{1D10EB57-E111-EA32-C58F-B1EAAEAE1962}\icons\icon48.png, Quarantined, [51d473ce057791a50d63230ab54e13ed], PUP.Optional.MySafeProxy.A, C:\Windows\Temp\XTRM Group Ltd\MySafeProxy\1.0.11.0\AddonINFDE-54203497dc421.exe, Quarantined, [879eb48d750769cdd47661d8857e57a9], PUP.Optional.MySafeProxy.A, C:\Windows\Temp\XTRM Group Ltd\MySafeProxy\1.0.11.0\updatefile.xml, Quarantined, [879eb48d750769cdd47661d8857e57a9], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\bootstrap.js, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\browser.js, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\browser.xul, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\chrome.manifest, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\icon-48.png, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\icon-64.png, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com\install.rdf, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.TermTutor.A, C:\Program Files (x86)\Mozilla 
Firefox\extensions\termtutor@termtutor.com\plugin-api.js, Quarantined, [58cde061c6b61c1a5e721924af544db3], PUP.Optional.Conduit, C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "suggest_url": "hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",), Replaced,[e243e35e99e363d3989de6aa7e875aa6] Physical Sectors: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter
# AdwCleaner v4.102 - Report created 28/11/2014 at 18:41:13
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Johanna - JOHANNASPC
# Running from : C:\Users\Johanna\Desktop\AdwCleaner_4.102.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\App Bud

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v31.0 (x86 en-US)
-\\ Google Chrome v37.0.2062.103
-\\ Opera v26.0.1656.24

*************************

AdwCleaner[R0].txt - [35084 octets] - [23/11/2014 17:06:46]
AdwCleaner[R1].txt - [1020 octets] - [28/11/2014 18:39:58]
AdwCleaner[S0].txt - [33073 octets] - [23/11/2014 17:08:12]
AdwCleaner[S1].txt - [898 octets] - [28/11/2014 18:41:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [957 octets] ##########

JRT Logfile: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Johanna on 30.11.2014 at 11:34:05,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util focusbase

~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Johanna\AppData\Roaming\pcdr"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.11.2014 at 11:37:43,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also, yesterday I noticed a pop-up from Avast! in which an application (I think it was called something with "malware-gen") was blocked by Avast!.

Kind regards, Johanna15 |
30.11.2014, 17:43 | #4 |
/// the machine /// TB-Ausbilder | Windows 8: McAfee detects various viruses and Trojans, including PUP.FNK and PUP.FKS
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.12.2014, 19:47 | #5 |
| Windows 8: McAfee detects various viruses and Trojans, including PUP.FNK and PUP.FKS
Okay, I have carried out the steps; however, SecurityCheck did not want to do what it was presumably supposed to do, but more on that at the log. ESET Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=4b6acc701a72054790eb22e2ba230a5a # engine=21347 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-02 01:29:32 # local_time=2014-12-02 02:29:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 94 5190330 7262209 0 0 # compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware' # compatibility_mode=5129 16777214 100 97 2847946 103913188 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1369268 22343740 0 0 # scanned=244029 # found=149 # cleaned=0 # scan_time=66969 sh=9C74333DA903F89893748FE7E29BEC9AAFC3D83C ft=1 fh=1dafef2fd447f501 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\AppBudBHO.dll.vir" sh=A4E37A9F9F6DC2CEF5796646C7CAB09B94F00005 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\nkgehohdeddilafacnmjbjlnkomcneoi.crx.vir" sh=8840C7857F0F5BFEB9B7A9EB0057AB2133583581 ft=1 fh=e8b626984cfa6e89 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\updateAppBud.exe.vir" sh=67C1384BCBF0E8FD4F63658C0D5E6CC599F4097E ft=1 fh=218f13f1f928ed6d vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\AppBud.BOASHelper.exe.vir" sh=D5C42E5E4D356E8C360E1B252E7F292B0CC88256 ft=1 fh=de7978c470b91e2f vn="Variante von Win32/BrowseFox.P evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\AppBud.BrowserAdapter.exe.vir" sh=BC6ED9C79DC7BB05ED206C1AD73277AD589000B0 ft=1 fh=456f6d0eb9cdcdb5 vn="Variante von Win64/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\AppBud.BrowserAdapter64.exe.vir" sh=1F1338C36029CEE75A99FDE161FFEF097724F6F0 ft=1 fh=25b166b36cd4a8b6 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\AppBud.PurBrowse64.exe.vir" sh=4E5C61E9E1C0CBBB66685D3588051CB339CAF4EE ft=1 fh=41a2de530d45ab0a vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\e6ca997130ed444a9489.dll.vir" sh=3070385A97D2737DF577AE9BA55153B8E34A5AAB ft=1 fh=94caa3ebe822504c vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\e6ca997130ed444a948964.dll.vir" sh=8840C7857F0F5BFEB9B7A9EB0057AB2133583581 ft=1 fh=e8b626984cfa6e89 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\utilAppBud.exe.vir" sh=F7B83CC065107BC08848C0C78FFEDD7A1C234485 ft=1 fh=fa55b7b915f32abd vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\{e6ca9971-30ed-444a-9489-82fca50b2062}.dll.vir" sh=0F95D6F6E92CADC1B3D03A196DA31AF2AAC73C86 ft=1 fh=e1ac27fdbc1965ee vn="Variante von Win64/BrowseFox.CH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\{e6ca9971-30ed-444a-9489-82fca50b2062}64.dll.vir" sh=9C3BE640D7FE2FE2E63C31253315AA439D2759EC ft=1 fh=c1b3a9cb9eb1a475 vn="Variante von Win64/BrowseFox.BN evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.BOAS.dll.vir" sh=04C28A3CC246703669FC81855D6E148ED79D8A8D ft=1 fh=c0d16481c3c633f0 vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.Bromon.dll.vir" sh=DE1334D0F20C5B8872685133F5E888CD682EF5B6 ft=1 fh=72682ed3511f6a80 vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.BroStats.dll.vir" sh=ABFDA7C844B149632382F85A0DAD6428A7740DBF ft=1 fh=ad944b1a22a6b3e8 vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.BrowserAdapter.dll.vir" sh=2B71D158DD1D6B308FF83B50AAC232F1C592C45D ft=1 fh=7eb27d8b78784e03 vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.BRT.dll.vir" sh=0EF7114455321FA8C5DA2D3D38F1FFDD9AB58855 ft=1 fh=93bb44e85d48f607 vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.CompatibilityChecker.dll.vir" sh=9144D5AF552A4DDA90DF767B6D783B977506C901 ft=1 fh=5ba950a99a5bffef vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.DspSvc.dll.vir" sh=07C2EE25D3611A10E97CE83D439A9F17B10D4249 ft=1 fh=c8f2dea683c103fc vn="Variante von Win64/BrowseFox.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Bud\bin\plugins\AppBud.FFUpdate.dll.vir" sh=BA52EB9E30BEFF932233BAE001894001D07AE6C8 ft=1 fh=a1562ab4ef8510c7 vn="Variante von MSIL/BrowseFox.G evtl. 
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! Den FRST Scan habe ich trotzdem gemacht: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014 Ran by Johanna (administrator) on JOHANNASPC on 02-12-2014 19:31:11 Running from C:\Users\Johanna\Desktop Loaded Profile: Johanna (Available profiles: Johanna) Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Dropbox, Inc.) C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe () C:\Program Files (x86)\Opera\26.0.1656.24\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.24\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-13] (AVAST Software) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.) 
HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Spotify Web Helper] => C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-24] (Spotify Ltd)
HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Johanna\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-06]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\ver9BlockAndSurf\178.xpi [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.com
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=58&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
CHR Extension: (Google Drive) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google-Suche) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (BlockAndSurf) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jakgohcoccmgmhiagfgkhmnnmnolalal [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (focusbase) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oedbdopeomhfdadjfjalggcfjnfkilbn [2014-10-28]
CHR Extension: (Google Mail) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-09] (AVAST Software)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [152272 2014-09-18] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-09] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-08] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-06] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 19:31 - 2014-12-02 19:31 - 00000000 ____D () C:\Users\Johanna\Desktop\FRST-OlderVersion
2014-12-02 19:30 - 2014-12-02 19:30 - 00000041 _____ () C:\Users\Johanna\Desktop\checkup.txt
2014-12-02 19:28 - 2014-12-02 19:29 - 00852490 _____ () C:\Users\Johanna\Desktop\SecurityCheck.exe
2014-12-01 20:09 - 2014-12-01 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-01 19:49 - 2014-12-01 19:49 - 02347384 _____ (ESET) C:\Users\Johanna\Desktop\esetsmartinstaller_deu.exe
2014-12-01 14:46 - 2014-12-01 14:47 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\PCDr
2014-12-01 14:45 - 2014-12-01 14:45 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-30 11:37 - 2014-11-30 11:37 - 00000930 _____ () C:\Users\Johanna\Desktop\JRT.txt
2014-11-30 11:33 - 2014-11-29 11:17 - 01707646 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT_NEW.exe
2014-11-28 18:46 - 2014-11-28 18:46 - 01707532 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT.exe
2014-11-28 18:42 - 2014-11-28 18:42 - 00000000 ___RD () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-28 18:41 - 2014-11-28 18:41 - 00001036 _____ () C:\Users\Johanna\Desktop\AdwCleaner[S1].txt
2014-11-28 18:39 - 2014-11-28 18:39 - 02148864 _____ () C:\Users\Johanna\Desktop\AdwCleaner_4.102.exe
2014-11-28 18:38 - 2014-11-28 18:38 - 00029377 _____ () C:\Users\Johanna\Desktop\mbam.txt
2014-11-28 18:21 - 2014-11-28 18:21 - 00029377 _____ () C:\mbam.txt
2014-11-28 17:29 - 2014-11-28 18:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 17:29 - 2014-11-28 17:29 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-28 17:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-28 17:29 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-28 17:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-28 17:28 - 2014-11-28 17:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johanna\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-28 17:00 - 2014-11-28 17:00 - 00001286 _____ () C:\Users\Johanna\Desktop\Revo Uninstaller.lnk
2014-11-28 17:00 - 2014-11-28 17:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-28 16:59 - 2014-11-28 16:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johanna\Desktop\revosetup95.exe
2014-11-28 13:52 - 2014-11-28 13:52 - 00380416 _____ () C:\Users\Johanna\Desktop\Gmer-19357.exe
2014-11-28 13:50 - 2014-11-28 13:50 - 00030438 _____ () C:\Users\Johanna\Desktop\Addition.txt
2014-11-28 13:49 - 2014-12-02 19:31 - 00018947 _____ () C:\Users\Johanna\Desktop\FRST.txt
2014-11-28 13:48 - 2014-12-02 19:31 - 00000000 ____D () C:\FRST
2014-11-28 13:47 - 2014-12-02 19:31 - 02117120 _____ (Farbar) C:\Users\Johanna\Desktop\FRST64.exe
2014-11-28 13:43 - 2014-11-28 13:43 - 00000476 _____ () C:\Users\Johanna\Desktop\defogger_disable.log
2014-11-28 13:43 - 2014-11-28 13:43 - 00000000 _____ () C:\Users\Johanna\defogger_reenable
2014-11-28 13:40 - 2014-11-28 13:40 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe
2014-11-23 17:06 - 2014-11-28 18:46 - 00000000 ____D () C:\AdwCleaner
2014-11-23 17:06 - 2014-11-23 17:07 - 02138708 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (1).exe
2014-11-23 17:06 - 2014-11-23 17:06 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (2).exe
2014-11-23 17:03 - 2014-11-23 17:04 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101.exe
2014-11-23 16:05 - 2014-11-23 16:05 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Macromedia
2014-11-19 11:15 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:15 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:15 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:15 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 11:09 - 2014-11-19 11:09 - 00000000 __SHD () C:\Users\Johanna\AppData\Local\EmieBrowserModeList
2014-11-16 12:56 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-16 12:56 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-16 12:56 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-16 12:56 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-16 12:56 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-16 12:55 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-16 12:55 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-16 12:55 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-16 12:55 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-16 12:55 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-16 12:55 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-16 12:55 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-16 12:55 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-16 12:55 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-16 12:55 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-16 12:55 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-16 12:55 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-16 12:55 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-16 12:55 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-16 12:55 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-16 12:55 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-16 12:55 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-16 12:55 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-16 12:55 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-16 12:55 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-16 12:55 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-16 12:55 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-16 12:55 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-16 12:55 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-16 12:55 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-16 12:55 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-16 12:55 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-16 12:55 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-16 12:55 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-16 12:55 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-16 12:55 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-16 12:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-16 12:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-16 
12:55 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-16 12:55 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-16 12:55 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-16 12:55 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-16 12:55 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-16 12:55 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-16 12:54 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-16 12:54 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-16 12:54 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-16 12:54 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-16 12:54 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-16 12:54 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-16 12:54 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-16 12:53 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-16 12:53 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-16 12:53 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-16 12:53 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-16 12:53 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-16 12:53 - 
2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-16 12:53 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-16 12:53 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-16 12:53 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-16 12:53 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-16 12:53 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-16 12:53 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-16 12:53 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-16 12:53 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-16 12:53 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-16 12:53 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-16 12:53 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-16 12:53 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-16 12:53 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-16 12:53 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-16 12:53 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-16 12:53 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-16 12:53 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-16 12:53 - 2014-10-31 04:12 - 00661504 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-16 12:53 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-16 12:53 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-16 12:53 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-16 12:53 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-16 12:53 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-16 12:53 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-16 12:53 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-16 12:53 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-16 12:53 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-16 12:53 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-16 12:53 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-16 12:53 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-16 12:53 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-16 12:52 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-16 12:52 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-16 12:52 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-16 12:52 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-16 12:52 - 2014-10-31 06:10 - 00167424 _____ (Microsoft 
Kind regards, Johanna15 |
03.12.2014, 11:55 | #6 |
/// the machine /// TB-Ausbilder |
Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\ver9BlockAndSurf\178.xpi [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.com
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=58&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. Any problems left?
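Post #6 ends by asking for a fresh FRST log after the fix. As an added example (not part of the thread and not FRST's own code), this Python script compares a fixlist with a follow-up scan and lists the fixlist entries that still appear in it. The sample inputs are constructed from line shapes quoted in the thread; the function names, the directive set and the reading of `[Not Found]` are assumptions of the example.

```python
import re

# Constructed sample inputs: a handful of lines in the same shape as the
# fixlist and follow-up scan in the thread, not the user's complete logs.
SAMPLE_FIXLIST = r"""
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found]
CHR DefaultSearchKeyword: Default -> trovi.com
Emptytemp:
"""

SAMPLE_RESCAN = r"""
==================== Internet (Whitelisted) ====================
ProxyEnable:  [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FF DefaultSearchEngine: Yahoo! Search
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found]
"""

# Lines that instruct the fix tool instead of naming a scan entry; they can
# never reappear in a scan. Only the one used in the thread is listed here.
DIRECTIVES = {"emptytemp:"}

# Trailing marker seen on flagged lines in the thread's fixlist.
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")


def normalise(line):
    """Reduce a log line to a comparison key.

    Copy-paste through a forum changes spacing and the marker may or may not
    survive, so both are dropped; Windows paths are case-insensitive, so the
    key is lower-cased.
    """
    line = ATTENTION.sub("", line.strip())
    return re.sub(r"\s+", " ", line).lower()


def entry_kind(line):
    """Return the entry type, i.e. the text before the first ': '."""
    head, sep, _ = line.partition(": ")
    return head if sep else line.rstrip(":")


def persisting_entries(fixlist_text, rescan_text):
    """List fixlist entries that still appear unchanged in the follow-up scan."""
    seen = {normalise(l) for l in rescan_text.splitlines() if l.strip()}
    hits = []
    for raw in fixlist_text.splitlines():
        key = normalise(raw)
        if not key or key in DIRECTIVES:
            continue
        if key in seen:
            hits.append({
                "kind": entry_kind(raw.strip()),
                "line": raw.strip(),
                # Assumption of this example: "[Not Found]" means the file is
                # already gone and only the reference to it is left over.
                "dangling": key.endswith("[not found]"),
            })
    return hits


if __name__ == "__main__":
    for hit in persisting_entries(SAMPLE_FIXLIST, SAMPLE_RESCAN):
        note = "reference only, file absent" if hit["dangling"] else "still set"
        print(f'{hit["kind"]:<14} {note:<28} {hit["line"]}')
```

An empty result only means that no fixlist line survived unchanged; an entry whose value changed between scans still needs a manual look.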
10.12.2014, 12:28 | #7 |
| Sorry that I haven't been in touch for so long. I have a lot to do at the moment and therefore didn't get around to carrying out the steps this week. But now I have managed it; here are the logs:
Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 01
Ran by Johanna at 2014-12-07 11:30:27 Run:1
Running from C:\Users\Johanna\Desktop
Loaded Profile: Johanna (Available profiles: Johanna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\ver9BlockAndSurf\178.xpi [Not Found]
FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=55&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.com
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MEBA1CF47-8CB8-4AD8-98A8-B7F572AAB0B6&SearchSource=58&CUI=&UM=2&UP=SP066DE25B-C5E8-4D49-89FA-E33B4D802B18&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
Emptytemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com not found.
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi not found.
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi not found.
C:\Program Files (x86)\ver9BlockAndSurf\178.xpi not found.
C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
EmptyTemp: => Removed 2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

FRST Logfile:
Code:
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-10 12:25 - 2014-12-10 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-10 12:21 - 2014-12-10 12:21 - 00000000 ___RD () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 19:42 - 2014-12-02 19:42 - 00052354 _____ () C:\Users\Johanna\Desktop\FRST02.txt
2014-12-02 19:31 - 2014-12-07 11:30 - 00000000 ____D () C:\Users\Johanna\Desktop\FRST-OlderVersion
2014-12-02 19:30 - 2014-12-02 19:30 - 00000041 _____ () C:\Users\Johanna\Desktop\checkup.txt
2014-12-01 19:49 - 2014-12-01 19:49 - 02347384 _____ (ESET) C:\Users\Johanna\Desktop\esetsmartinstaller_deu.exe
2014-12-01 14:46 - 2014-12-01 14:47 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\PCDr
2014-12-01 14:45 - 2014-12-01 14:45 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-30 11:37 - 2014-11-30 11:37 - 00000930 _____ () C:\Users\Johanna\Desktop\JRT.txt
2014-11-30 11:33 - 2014-11-29 11:17 - 01707646 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT_NEW.exe
2014-11-28 18:46 - 2014-11-28 18:46 - 01707532 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT.exe
2014-11-28 18:41 - 2014-11-28 18:41 - 00001036 _____ () C:\Users\Johanna\Desktop\AdwCleaner[S1].txt
2014-11-28 18:39 - 2014-11-28 18:39 - 02148864 _____ () C:\Users\Johanna\Desktop\AdwCleaner_4.102.exe
2014-11-28 18:38 - 2014-11-28 18:38 - 00029377 _____ () C:\Users\Johanna\Desktop\mbam.txt
2014-11-28 18:21 - 2014-11-28 18:21 - 00029377 _____ () C:\mbam.txt
2014-11-28 17:29 - 2014-11-28 18:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 17:29 - 2014-11-28 17:29 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-28 17:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-28 17:29 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-28 17:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-28 17:28 - 2014-11-28 17:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johanna\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-28 17:00 - 2014-11-28 17:00 - 00001286 _____ () C:\Users\Johanna\Desktop\Revo Uninstaller.lnk
2014-11-28 17:00 - 2014-11-28 17:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-28 16:59 - 2014-11-28 16:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johanna\Desktop\revosetup95.exe
2014-11-28 13:52 - 2014-11-28 13:52 - 00380416 _____ () C:\Users\Johanna\Desktop\Gmer-19357.exe
2014-11-28 13:50 - 2014-11-28 13:50 - 00030438 _____ () C:\Users\Johanna\Desktop\Addition.txt
2014-11-28 13:49 - 2014-12-10 12:24 - 00018323 _____ () C:\Users\Johanna\Desktop\FRST.txt
2014-11-28 13:48 - 2014-12-10 12:24 - 00000000 ____D () C:\FRST
2014-11-28 13:47 - 2014-12-07 11:30 - 02119680 _____ (Farbar) C:\Users\Johanna\Desktop\FRST64.exe
2014-11-28 13:43 - 2014-11-28 13:43 - 00000476 _____ () C:\Users\Johanna\Desktop\defogger_disable.log
2014-11-28 13:43 - 2014-11-28 13:43 - 00000000 _____ () C:\Users\Johanna\defogger_reenable
2014-11-28 13:40 - 2014-11-28 13:40 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe
2014-11-23 17:06 - 2014-11-28 18:46 - 00000000 ____D () C:\AdwCleaner
2014-11-23 17:06 - 2014-11-23 17:07 - 02138708 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (1).exe
2014-11-23 17:06 - 2014-11-23 17:06 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (2).exe
2014-11-23 17:03 - 2014-11-23 17:04 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101.exe
2014-11-23 16:05 - 2014-11-23 16:05 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Macromedia
2014-11-19 11:15 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:15 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:15 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:15 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 11:09 - 2014-11-19 11:09 - 00000000 __SHD () C:\Users\Johanna\AppData\Local\EmieBrowserModeList
2014-11-16 12:56 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-16 12:56 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-16 12:56 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-16 12:56 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-16 12:56 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-16 12:55 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-16 12:55 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-16 12:55 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-16 12:55 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-16 12:55 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-16 12:55 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-16 12:55 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-16 12:55 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-16 12:55 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-16 12:55 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-16 12:55 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-16 12:55 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-16 12:55 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-16 12:55 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-16 12:55 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-16 12:55 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-16 12:55 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-16 12:55 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-16 12:55 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-16 12:55 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-16 12:55 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-16 12:55 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-16 12:55 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-16 12:55 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-16 12:55 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-16 12:55 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-16 12:55 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-16 12:55 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-16 12:55 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-16 12:55 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-16 12:55 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-16 12:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-16 12:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-16 12:55 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-16 12:55 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-16 12:55 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-16 12:55 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-16 12:55 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-16 12:55 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-16 12:54 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-16 12:54 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-16 12:54 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-16 12:54 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-16 12:54 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-16 12:54 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-16 12:54 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-16 12:53 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 12:53 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 12:53 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-16 12:53 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 12:53 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-16 12:53 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-16 12:53 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 12:53 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-16 12:53 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 12:53 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 12:53 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-16 12:53 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-16 12:53 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 12:53 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 12:53 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 12:53 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 12:53 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-16 12:53 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-16 12:53 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 12:53 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-16 12:53 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-16 12:53 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-16 12:53 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-16 12:53 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-16 12:53 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-16 12:53 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-16 12:53 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-16 12:53 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-16 12:53 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-16 12:53 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-16 12:53 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-16 12:53 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-16 12:53 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-16 12:53 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-16 12:53 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-16 12:53 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-16 12:53 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-16 12:52 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-16 12:52 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-16 12:52 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-16 12:52 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-16 12:52 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-16 12:52 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-16 12:52 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-16 12:52 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-16 12:52 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-16 12:52 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-16 12:52 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-16 12:52 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 12:52 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-16 12:52 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-16 12:52 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-11-16 12:52 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-16 12:52 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 12:52 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-16 12:52 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-16 12:52 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-16 12:52 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-16 12:52 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-16 12:52 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-16 12:52 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-16 12:52 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-16 12:52 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-11-16 12:52 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 12:52 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-16 12:52 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-16 12:52 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-16 12:52 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-16 12:52 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-16 12:52 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-16 12:52 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-16 12:52 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-16 12:52 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-16 12:52 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-16 12:52 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-16 12:52 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-16 12:52 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-16 12:52 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-16 12:52 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-16 12:52 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-16 12:52 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-16 12:52 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-16 12:52 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-16 12:52 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-16 12:52 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-16 12:52 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-16 12:52 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-16 12:52 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-16 12:52 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-16 12:52 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-16 12:52 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-16 12:52 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-16 12:52 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-16 12:52 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-16 12:52 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-16 12:52 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-16 12:52 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-16 12:52 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-16 12:52 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-16 12:52 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-16 12:52 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-16 12:52 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-16 12:52 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-16 12:52 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-16 12:52 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-16 12:52 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-16 12:52 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-16 12:52 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 12:52 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-16 12:52 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-16 12:52 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-16 12:52 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-16 12:52 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-16 12:52 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-16 12:52 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-16 12:52 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-16 12:52 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-16 12:52 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-16 12:52 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-16 12:52 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-16 12:52 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-16 12:52 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-16 12:52 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-16 12:52 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-16 12:52 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-16 12:52 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-16 12:52 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-16 12:52 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-16 12:52 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-16 12:52 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-16 12:52 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-16 12:52 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-16 12:52 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-16 12:52 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-16 12:52 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-16 12:52 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-16 12:52 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-16 12:52 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 12:24 - 2014-10-03 14:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 12:24 - 2014-10-03 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 12:24 - 2014-08-24 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1306114221-2738080776-3084928801-1001
2014-12-10 12:23 - 2014-11-03 19:18 - 00021591 _____ () C:\Windows\system32\lvcoinst.log
2014-12-10 12:23 - 2014-08-24 17:43 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48ECAB51-DE82-47B0-B45B-C8D6F76C3A2F}
2014-12-10 12:23 - 2014-08-06 03:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-12-10 12:23 - 2014-08-06 03:00 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2014-12-10 12:21 - 2014-09-09 13:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-10 12:21 - 2014-08-24 18:41 - 00000000 ___RD () C:\Users\Johanna\Dropbox
2014-12-10 12:21 - 2014-08-24 18:15 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox
2014-12-10 12:19 - 2014-08-29 12:56 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 12:19 - 2014-08-24 17:39 - 00000000 ____D () C:\Users\Johanna
2014-12-10 12:19 - 2014-08-06 03:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-10 12:19 - 2014-08-06 02:11 - 00091092 _____ () C:\Windows\PFRO.log
2014-12-10 12:19 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 12:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-08 01:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-07 16:10 - 2014-08-24 18:05 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408899904
2014-12-07 16:10 - 2014-08-24 18:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-07 12:46 - 2014-08-31 18:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-07 11:48 - 2014-08-29 12:56 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 11:42 - 2014-08-29 12:56 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-07 11:42 - 2014-08-29 12:56 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-07 11:42 - 2014-08-29 12:56 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 11:30 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-07 11:14 - 2014-08-06 02:15 - 01902805 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 10:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-01 19:52 - 2014-08-06 02:25 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 19:52 - 2013-09-03 14:39 - 00763218 _____ () C:\Windows\system32\perfh007.dat
2014-12-01 19:52 - 2013-09-03 14:39 - 00159364 _____ () C:\Windows\system32\perfc007.dat
2014-12-01 19:51 - 2013-08-22 15:46 - 00016215 _____ () C:\Windows\setupact.log
2014-11-30 17:20 - 2014-08-24 18:13 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Skype
2014-11-30 16:29 - 2014-09-13 11:55 - 00000000 ____D () C:\Users\Johanna\AppData\Local\CrashDumps
2014-11-28 18:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-27 18:40 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-23 19:11 - 2014-08-06 03:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-23 17:10 - 2014-08-24 17:51 - 00001118 _____ () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-23 17:10 - 2014-08-24 17:51 - 00001088 _____ () C:\Users\Johanna\Desktop\Search.lnk
2014-11-23 16:52 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2014-11-23 12:05 - 2014-09-09 13:13 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-20 21:51 - 2014-09-09 12:42 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2014-09-09 12:42 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 16:10 - 2014-08-24 18:05 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-19 11:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-19 11:02 - 2013-08-22 15:44 - 00387328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 18:08 - 2014-09-07 18:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-16 13:07 - 2014-08-24 18:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 13:04 - 2014-09-07 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 13:02 - 2014-09-07 18:29 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-16 12:43 - 2014-08-24 18:41 - 00001037 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk
2014-11-16 12:43 - 2014-08-24 18:16 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Johanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmtaxny.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-07 11:06

==================== End Of Log ============================

I have not noticed any more problems for the time being.

Regards, Johanna15
10.12.2014, 19:23 | #8 |
/// the machine /// TB Trainer

Please delete FRST, download it again and scan; tick the Addition box so that two logs are created.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM!
14.12.2014, 11:19 | #9 |
I have carried out the steps; here are the logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Johanna (administrator) on JOHANNASPC on 14-12-2014 11:12:29
Running from C:\Users\Johanna\Desktop
Loaded Profile: Johanna (Available profiles: Johanna)
Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(McAfee, Inc.)
C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-14] (AVAST Software) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Spotify Web Helper] => C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-24] (Spotify Ltd) HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell 
Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default FF DefaultSearchEngine: Yahoo! Search FF SelectedSearchEngine: Yahoo! Search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Johanna\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-06] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\ver9BlockAndSurf\178.xpi [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found] Chrome: ======= CHR Profile: C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29] CHR Extension: (Google Drive) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29] CHR Extension: (Google-Suche) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf 
[2014-08-29] CHR Extension: (BlockAndSurf) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jakgohcoccmgmhiagfgkhmnnmnolalal [2014-08-31] CHR Extension: (Google Wallet) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29] CHR Extension: (focusbase) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oedbdopeomhfdadjfjalggcfjnfkilbn [2014-10-28] CHR Extension: (Google Mail) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows (R) Win 7 DDK provider) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.) S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [152272 2014-09-18] (Dell Inc.) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-20] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed] S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-08] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-06] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-14 11:11 - 2014-12-14 11:11 - 00000000 ___RD () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-12-14 11:10 - 2014-12-14 11:10 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-12-14 11:09 - 2014-12-14 11:09 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-12-14 11:09 - 2014-12-14 11:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-12-14 11:08 - 2014-12-14 11:08 - 02119168 _____ (Farbar) C:\Users\Johanna\Desktop\FRST64.exe 2014-12-14 11:08 - 2014-12-14 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-12-14 11:00 - 2014-12-14 11:00 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 20:31 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-11 20:31 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 20:31 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 20:31 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 20:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-11 20:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-11 20:16 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 20:16 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 20:16 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 20:16 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 20:16 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 
20:16 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 20:16 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 20:15 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2014-12-11 20:15 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-11 20:15 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-11 20:15 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-11 20:14 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-11 20:14 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-11 20:13 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 20:13 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 20:13 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 20:13 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-11 20:13 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 20:13 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-11 20:13 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 20:13 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 20:13 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 20:13 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 20:13 - 
2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-11 20:13 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-11 20:13 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 20:13 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 20:13 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 20:13 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-11 20:13 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-11 20:13 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-11 20:13 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 20:13 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 20:13 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 20:13 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 20:13 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 20:13 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 20:13 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-11 20:13 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 20:13 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 20:13 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-11 20:13 - 2014-11-22 02:28 - 02358272 
_____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 20:13 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-11 20:13 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 20:13 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 20:13 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 20:13 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 20:13 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 20:13 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 20:13 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 20:13 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 20:13 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 12:25 - 2014-12-10 12:25 - 00051062 _____ () C:\Users\Johanna\Desktop\FRST03.txt 2014-12-02 19:42 - 2014-12-02 19:42 - 00052354 _____ () C:\Users\Johanna\Desktop\FRST02.txt 2014-12-02 19:31 - 2014-12-14 11:07 - 00000000 ____D () C:\Users\Johanna\Desktop\FRST-OlderVersion 2014-12-02 19:30 - 2014-12-02 19:30 - 00000041 _____ () C:\Users\Johanna\Desktop\checkup.txt 2014-12-01 19:49 - 2014-12-01 19:49 - 02347384 _____ (ESET) C:\Users\Johanna\Desktop\esetsmartinstaller_deu.exe 2014-12-01 14:46 - 2014-12-01 14:47 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\PCDr 2014-12-01 14:45 - 2014-12-01 14:45 - 00000000 ____D () C:\ProgramData\PCDr 2014-11-30 11:37 - 2014-11-30 11:37 - 00000930 _____ () C:\Users\Johanna\Desktop\JRT.txt 2014-11-30 11:33 - 2014-11-29 11:17 - 01707646 _____ (Thisisu) 
C:\Users\Johanna\Desktop\JRT_NEW.exe 2014-11-28 18:46 - 2014-11-28 18:46 - 01707532 _____ (Thisisu) C:\Users\Johanna\Desktop\JRT.exe 2014-11-28 18:41 - 2014-11-28 18:41 - 00001036 _____ () C:\Users\Johanna\Desktop\AdwCleaner[S1].txt 2014-11-28 18:39 - 2014-11-28 18:39 - 02148864 _____ () C:\Users\Johanna\Desktop\AdwCleaner_4.102.exe 2014-11-28 18:38 - 2014-11-28 18:38 - 00029377 _____ () C:\Users\Johanna\Desktop\mbam.txt 2014-11-28 18:21 - 2014-11-28 18:21 - 00029377 _____ () C:\mbam.txt 2014-11-28 17:29 - 2014-11-28 18:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-28 17:29 - 2014-11-28 17:29 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-28 17:29 - 2014-11-28 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-28 17:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-28 17:29 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-28 17:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-28 17:28 - 2014-11-28 17:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johanna\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-28 17:00 - 2014-11-28 17:00 - 00001286 _____ () C:\Users\Johanna\Desktop\Revo Uninstaller.lnk 2014-11-28 17:00 - 2014-11-28 17:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-28 16:59 - 2014-11-28 16:59 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Johanna\Desktop\revosetup95.exe 2014-11-28 13:52 - 2014-11-28 13:52 - 00380416 _____ () C:\Users\Johanna\Desktop\Gmer-19357.exe 2014-11-28 13:50 - 2014-11-28 13:50 - 00030438 _____ () C:\Users\Johanna\Desktop\Addition.txt 2014-11-28 13:49 - 2014-12-14 11:12 - 00017497 _____ () C:\Users\Johanna\Desktop\FRST.txt 2014-11-28 13:48 - 2014-12-14 11:12 - 00000000 ____D () C:\FRST 2014-11-28 13:43 - 2014-11-28 13:43 - 00000476 _____ () C:\Users\Johanna\Desktop\defogger_disable.log 2014-11-28 13:43 - 2014-11-28 13:43 - 00000000 _____ () C:\Users\Johanna\defogger_reenable 2014-11-28 13:40 - 2014-11-28 13:40 - 00050477 _____ () C:\Users\Johanna\Desktop\Defogger.exe 2014-11-23 17:06 - 2014-11-28 18:46 - 00000000 ____D () C:\AdwCleaner 2014-11-23 17:06 - 2014-11-23 17:07 - 02138708 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (1).exe 2014-11-23 17:06 - 2014-11-23 17:06 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101 (2).exe 2014-11-23 17:03 - 2014-11-23 17:04 - 02140160 _____ () C:\Users\Johanna\Downloads\adwcleaner_4.101.exe 2014-11-23 16:05 - 2014-11-23 16:05 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Macromedia 2014-11-19 11:15 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 11:15 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 11:15 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 11:15 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 11:09 - 2014-11-19 11:09 - 00000000 __SHD () C:\Users\Johanna\AppData\Local\EmieBrowserModeList 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2014-11-16 12:56 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-16 12:56 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-16 12:56 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-16 12:56 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-16 12:56 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-16 12:55 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-16 12:55 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-16 12:55 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-16 12:55 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-16 12:55 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-16 12:55 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-16 12:55 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-16 12:55 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-16 12:55 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-16 12:55 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-16 12:55 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-16 12:55 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-16 12:55 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-16 12:55 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-16 12:55 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 
2014-11-16 12:55 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-16 12:55 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-16 12:55 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-16 12:55 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-16 12:55 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-16 12:55 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-16 12:55 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-16 12:55 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-16 12:55 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-16 12:55 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-16 12:55 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-16 12:55 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-16 12:55 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-16 12:55 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-16 12:55 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-16 12:55 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-16 12:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-16 12:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-16 
12:55 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-16 12:55 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-16 12:55 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-16 12:55 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-16 12:55 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-16 12:55 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-16 12:54 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-16 12:54 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-16 12:54 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-16 12:54 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-16 12:54 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-16 12:54 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-16 12:54 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-16 12:53 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-16 12:53 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-16 12:53 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-16 12:53 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-16 12:53 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-16 
12:53 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-16 12:53 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-16 12:53 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-16 12:52 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-16 12:52 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-16 12:52 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-16 12:52 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-16 12:52 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-16 12:52 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-16 12:52 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-16 12:52 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-16 12:52 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-16 12:52 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-16 12:52 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-16 12:52 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-16 12:52 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-16 12:52 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-16 12:52 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-16 12:52 - 
2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-16 12:52 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-16 12:52 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-16 12:52 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-16 12:52 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-16 12:52 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-16 12:52 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-16 12:52 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-16 12:52 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-16 12:52 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-16 12:52 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-16 12:52 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-16 12:52 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-16 12:52 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-16 12:52 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-16 12:52 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-16 12:52 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-16 12:52 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-16 12:52 - 2014-10-31 04:13 - 00099328 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-16 12:52 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-16 12:52 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-16 12:52 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-16 12:52 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-16 12:52 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-16 12:52 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-16 12:52 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-16 12:52 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-16 12:52 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-16 12:52 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-16 12:52 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-16 12:52 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-16 12:52 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-16 12:52 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-16 12:52 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-16 12:52 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-16 12:52 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-16 12:52 - 2014-10-07 07:27 - 00108432 _____ 
(Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-16 12:52 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-16 12:52 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-16 12:52 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-16 12:52 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-16 12:52 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-16 12:52 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-16 12:52 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-16 12:52 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-16 12:52 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-16 12:52 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-16 12:52 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-16 12:52 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-16 12:52 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-16 12:52 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-16 12:52 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-16 12:52 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-16 12:52 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-16 12:52 - 2014-08-31 01:15 - 21197152 _____ 
(Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-16 12:52 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-16 12:52 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-16 12:52 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-16 12:52 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-16 12:52 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-16 12:52 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-16 12:52 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-16 12:52 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-16 12:52 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-16 12:52 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-16 12:52 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-16 12:52 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-16 12:52 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-16 12:52 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-16 12:52 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-16 12:52 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-14 11:12 - 2014-08-24 18:41 - 00000000 ___RD () C:\Users\Johanna\Dropbox 2014-12-14 11:12 - 2014-08-24 18:15 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox 2014-12-14 11:11 - 2014-08-29 12:56 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-14 11:11 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-14 11:10 - 2014-08-06 03:00 - 00009728 _____ () C:\Windows\SysWOW64\Gms.log 2014-12-14 11:10 - 2014-08-06 02:11 - 00092634 _____ () C:\Windows\PFRO.log 2014-12-14 11:09 - 2014-09-09 13:13 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-12-14 11:09 - 2014-08-24 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1306114221-2738080776-3084928801-1001 2014-12-14 11:05 - 2014-08-06 03:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-12-14 11:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-14 11:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-12-14 11:00 - 2014-09-07 18:41 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-14 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-14 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat 2014-12-14 10:57 - 2014-08-06 03:04 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-12-14 10:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-12-13 10:44 - 2014-08-06 02:15 - 01464421 _____ () C:\Windows\WindowsUpdate.log 2014-12-13 10:40 - 2014-08-24 17:43 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48ECAB51-DE82-47B0-B45B-C8D6F76C3A2F} 2014-12-13 10:31 - 2014-08-24 18:13 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Skype 2014-12-13 04:46 - 2014-08-29 12:56 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-13 04:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-13 04:24 - 2014-10-03 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-13 04:20 - 2014-11-03 19:18 - 00022847 _____ () C:\Windows\system32\lvcoinst.log 2014-12-11 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-12-11 20:58 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-11 20:57 - 2014-09-07 18:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 20:57 - 2014-08-24 18:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 20:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-11 20:57 - 
2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-11 20:55 - 2014-09-07 18:29 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 12:24 - 2014-10-03 14:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 12:19 - 2014-08-24 17:39 - 00000000 ____D () C:\Users\Johanna 2014-12-07 16:10 - 2014-08-24 18:05 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408899904 2014-12-07 16:10 - 2014-08-24 18:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-07 12:46 - 2014-08-31 18:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-12-07 11:42 - 2014-08-29 12:56 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-12-07 11:42 - 2014-08-29 12:56 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-12-07 11:42 - 2014-08-29 12:56 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-07 11:30 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-12-01 19:52 - 2014-08-06 02:25 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-01 19:52 - 2013-09-03 14:39 - 00763218 _____ () C:\Windows\system32\perfh007.dat 2014-12-01 19:52 - 2013-09-03 14:39 - 00159364 _____ () C:\Windows\system32\perfc007.dat 2014-12-01 19:51 - 2013-08-22 15:46 - 00016215 _____ () C:\Windows\setupact.log 2014-11-30 16:29 - 2014-09-13 11:55 - 00000000 ____D () C:\Users\Johanna\AppData\Local\CrashDumps 2014-11-26 22:10 - 2014-09-09 12:42 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2014-09-09 12:42 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-23 19:11 - 2014-08-06 03:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-11-23 17:10 - 2014-08-24 17:51 - 00001118 _____ () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-11-23 
17:10 - 2014-08-24 17:51 - 00001088 _____ () C:\Users\Johanna\Desktop\Search.lnk 2014-11-23 16:52 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini 2014-11-20 16:10 - 2014-08-24 18:05 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-11-19 11:02 - 2013-08-22 15:44 - 00387328 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-16 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-16 12:43 - 2014-08-24 18:41 - 00001037 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk 2014-11-16 12:43 - 2014-08-24 18:16 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\Johanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwdru6r.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-07 11:06

==================== End Of Log ============================

Addition Log:
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by Johanna at 2014-12-14 11:13:44
Running from C:\Users\Johanna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - PriceMeter) Hidden <==== ATTENTION
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
Opera Stable 26.0.1656.24 (HKLM-x32\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 27-11-2014 17:40:13 Windows Update 05-12-2014 13:36:32 Scheduled Checkpoint 11-12-2014 19:53:44 Windows Update 14-12-2014 10:08:35 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0BD03B63-AE51-4204-B893-279DFAFDAA94} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {40DDD976-6DD4-4B69-8D04-A6DAA864F541} - System32\Tasks\Opera scheduled Autoupdate 1408899904 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-20] (Opera Software) Task: {4141D152-ACCC-42BB-80D9-1CD705D7A14B} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software) Task: {6245BE63-5C66-4CB1-AEFE-764A7C7326E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation) Task: {74BC64DE-57A3-406D-9B4D-202A5B20E6D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {7EA815A2-6BF3-47D9-A729-A94363F38976} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {93C6AC38-50EA-43BD-941E-03713910E59C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {941C35F2-8B57-44BF-8B4F-6F74822A7C93} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {AD5EA72D-F1D7-44B7-B7BA-57C068B152F7} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {C8A79AF3-60E3-45EF-A265-93974C31BB94} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.) Task: {D2A4E0BB-6725-43CC-80DF-F440D3222EFD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {D916DF9D-4CFA-48C0-81EE-DA9E7FA569C4} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {E10E826E-C912-442F-8A63-08D906E9A095} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.) 
Task: {F9701AAC-0812-46C0-922D-66935CFBCB5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.) Task: {F9B45DFC-1CCB-4132-A9F0-D57820F5D3E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-06 02:15 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-08-06 03:08 - 2014-03-12 20:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2014-08-06 03:08 - 2014-03-12 20:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll 2014-01-10 23:24 - 2014-01-10 23:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll 2014-01-10 23:24 - 2014-01-10 23:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll 2013-07-31 05:59 - 2013-07-31 05:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth 
Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-07-31 05:55 - 2013-07-31 05:55 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-07-31 06:04 - 2013-07-31 06:04 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2014-12-14 10:59 - 2014-12-14 10:59 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121400\algo.dll 2014-12-14 11:11 - 2014-12-14 11:11 - 00043008 _____ () c:\users\johanna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwdru6r.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Johanna\AppData\Roaming\Dropbox\bin\libcef.dll 2014-12-14 11:09 - 2014-12-14 11:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-08-06 02:59 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 19:41 - 2013-03-05 19:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-04-10 22:30 - 2014-04-10 22:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1306114221-2738080776-3084928801-500 - Administrator - Disabled) Guest (S-1-5-21-1306114221-2738080776-3084928801-501 - Limited - Disabled) Johanna (S-1-5-21-1306114221-2738080776-3084928801-1001 - Administrator - Enabled) => C:\Users\Johanna ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/14/2014 11:12:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. 
Error: (12/14/2014 11:11:37 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (12/14/2014 11:09:27 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (12/14/2014 11:09:26 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (12/14/2014 11:09:24 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (12/14/2014 11:09:23 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (12/14/2014 11:09:22 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (12/14/2014 11:09:21 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. 
Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (12/14/2014 11:04:22 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (12/13/2014 10:47:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. System errors: ============= Error: (12/14/2014 11:10:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (12/14/2014 11:03:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "My Dell Client Framework" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/14/2014 11:03:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst My Dell Client Framework erreicht. Error: (12/14/2014 11:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Dell Digital Delivery Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 Error: (12/14/2014 10:58:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/14/2014 10:58:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Personal Firewall Service erreicht. 
Error: (12/14/2014 10:58:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "My Dell Client Framework" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/14/2014 10:57:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst My Dell Client Framework erreicht. Error: (12/14/2014 10:57:12 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 13.12.2014 um 10:49:10 unerwartet heruntergefahren. Error: (12/13/2014 04:31:25 AM) (Source: DCOM) (EventID: 10010) (User: JohannasPC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 23% Total physical RAM: 8143.21 MB Available physical RAM: 6241.57 MB Total Pagefile: 10575.21 MB Available Pagefile: 8598.69 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:915.38 GB) (Free:838.31 GB) NTFS Drive j: (Dell Portable Hard Drive) (Fixed) (Total:931.51 GB) (Free:924.23 GB) NTFS Drive k: (JOHANNA) (Removable) (Total:3.82 GB) (Free:3.4 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 7E166D55) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 3.8 GB) (Disk ID: A15B2514) Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B) ==================== End Of Log ============================
Regards, Johanna15 |
14.12.2014, 18:16 | #10 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document: Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.01.2015, 12:10 | #11 |
| Fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by Johanna at 2015-01-11 12:01:34 Run:2
Running from C:\Users\Johanna\Desktop
Loaded Profile: Johanna (Available profiles: Johanna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 12:01:34 ====

FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015 Ran by Johanna at 2015-01-11 12:02:48 Running from C:\Users\Johanna\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) 
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.) Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) 
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.54.95 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) Dropbox (HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.23.0 - PriceMeter) Hidden <==== ATTENTION Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Mozilla Thunderbird 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell) My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) 
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1306114221-2738080776-3084928801-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 25-12-2014 12:38:50 Installiert The Sims 3 02-01-2015 19:33:48 Scheduled Checkpoint 10-01-2015 12:40:53 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0BD03B63-AE51-4204-B893-279DFAFDAA94} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {4141D152-ACCC-42BB-80D9-1CD705D7A14B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software) Task: {74BC64DE-57A3-406D-9B4D-202A5B20E6D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated) Task: {7EA815A2-6BF3-47D9-A729-A94363F38976} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {93C6AC38-50EA-43BD-941E-03713910E59C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {941C35F2-8B57-44BF-8B4F-6F74822A7C93} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {AD5EA72D-F1D7-44B7-B7BA-57C068B152F7} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {C8A79AF3-60E3-45EF-A265-93974C31BB94} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.) 
Task: {D2A4E0BB-6725-43CC-80DF-F440D3222EFD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {D916DF9D-4CFA-48C0-81EE-DA9E7FA569C4} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc) Task: {E10E826E-C912-442F-8A63-08D906E9A095} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.) Task: {EF9886E6-6233-44AE-BB1D-725605C9BECF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation) Task: {F381E1DB-137B-430C-A9FA-EEBB7C5DB6DE} - System32\Tasks\Opera scheduled Autoupdate 1408899904 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-16] (Opera Software) Task: {F9701AAC-0812-46C0-922D-66935CFBCB5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.) Task: {F9B45DFC-1CCB-4132-A9F0-D57820F5D3E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-06 02:15 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-08-06 03:08 - 2014-03-12 20:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2014-08-06 03:08 - 2014-03-12 20:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll 2014-01-10 22:53 - 2014-01-10 22:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll 2014-01-10 23:24 - 2014-01-10 23:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll 2014-01-10 23:24 - 2014-01-10 23:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll 2014-12-14 11:09 - 2014-12-14 11:09 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-12-14 11:09 - 2014-12-14 11:09 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2013-07-31 05:59 - 2013-07-31 05:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-07-31 05:55 - 2013-07-31 05:55 - 00086016 _____ () 
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-07-31 06:04 - 2013-07-31 06:04 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2014-12-22 13:41 - 2014-12-16 16:34 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe 2014-08-06 03:08 - 2014-04-30 18:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2014-08-06 03:08 - 2014-04-07 05:12 - 03927056 _____ () C:\Program Files (x86)\Dell Backup and Recovery\QTtool Lite.exe 2014-11-23 12:07 - 2014-11-23 12:07 - 00081920 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_4.0.140.1_x64__n49tcsmxt2t2c\McCloudShim.dll 2014-10-31 13:28 - 2014-10-31 13:28 - 00229504 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_4.0.140.1_x64__n49tcsmxt2t2c\McIHART.dll 2015-01-10 13:16 - 2015-01-10 13:16 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll 2014-12-14 11:09 - 2014-12-14 11:09 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2015-01-11 11:28 - 2015-01-11 11:28 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011100\algo.dll 2014-12-14 11:09 - 2014-12-14 11:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Johanna\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-11 11:29 - 2015-01-11 11:29 - 00043008 _____ () c:\users\johanna\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn1ut6b.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Johanna\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Johanna\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () 
C:\Users\Johanna\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-08-06 02:59 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 19:41 - 2013-03-05 19:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-04-10 22:30 - 2014-04-10 22:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2014-12-22 13:41 - 2014-12-16 16:34 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\message_center_win8.dll 2014-12-22 13:41 - 2014-12-16 16:34 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll 2014-12-22 13:41 - 2014-12-16 16:34 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll 2014-12-22 13:41 - 2014-12-16 16:34 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll 2014-12-22 13:41 - 2014-12-16 16:34 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll 2014-02-20 02:51 - 2014-02-20 02:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-08-06 03:08 - 2013-12-18 01:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2014-08-06 03:08 - 2012-11-26 07:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2014-08-06 03:08 - 2012-11-26 07:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1306114221-2738080776-3084928801-500 - Administrator - Disabled) Guest (S-1-5-21-1306114221-2738080776-3084928801-501 - Limited - Disabled) Johanna (S-1-5-21-1306114221-2738080776-3084928801-1001 - Administrator - Enabled) => C:\Users\Johanna ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/11/2015 11:59:46 AM) (Source: Dbr.exe) (EventID: 0) (User: ) Description: mscorlib encountered an unhandled exception. 
Stack: Die COM-Klassenfactory für die Komponente mit CLSID {56FDF344-FD6D-11D0-958A-006097C9A090} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154 Klasse nicht registriert (Ausnahme von HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)). Source: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) bei System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei System.Activator.CreateInstance(Type type) bei System.Windows.Window.ApplyTaskbarItemInfo() bei System.Windows.Window.WindowFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler) Error: (01/11/2015 11:59:03 AM) (Source: Dbr.exe) (EventID: 0) (User: ) Description: mscorlib encountered an unhandled exception. Stack: Die COM-Klassenfactory für die Komponente mit CLSID {56FDF344-FD6D-11D0-958A-006097C9A090} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 80040154 Klasse nicht registriert (Ausnahme von HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)). 
Source: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) bei System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei System.Activator.CreateInstance(Type type) bei System.Windows.Window.ApplyTaskbarItemInfo() bei System.Windows.Window.WindowFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler) Error: (01/11/2015 11:51:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DBRFactorySetup.exe, Version: 1.0.1.55, Zeitstempel: 0x53a99857 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb460 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00012f71 ID des fehlerhaften Prozesses: 0x144c Startzeit der fehlerhaften Anwendung: 0xDBRFactorySetup.exe0 Pfad der fehlerhaften Anwendung: DBRFactorySetup.exe1 Pfad des fehlerhaften Moduls: DBRFactorySetup.exe2 Berichtskennung: DBRFactorySetup.exe3 Vollständiger Name des fehlerhaften Pakets: DBRFactorySetup.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket 
ist: DBRFactorySetup.exe5 Error: (01/11/2015 11:51:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: DBRFactorySetup.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Runtime.InteropServices.COMException Stack: at System.RuntimeTypeHandle.CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandleInternal ByRef, Boolean ByRef) at System.RuntimeType.CreateInstanceSlow(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef) at System.RuntimeType.CreateInstanceDefaultCtor(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef) at System.Activator.CreateInstance(System.Type, Boolean) at System.Activator.CreateInstance(System.Type) at System.Windows.Window.ApplyTaskbarItemInfo() at System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.Run() at 
System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at DsFactorySetup.App.Main() Error: (01/11/2015 11:47:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Google Update Helper -- Error 1316. The specified account already exists. Error: (01/11/2015 11:41:15 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (01/11/2015 11:41:14 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (01/11/2015 11:41:13 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (01/11/2015 11:41:12 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) Error: (01/11/2015 11:41:11 AM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),)) System errors: ============= Error: (01/11/2015 11:59:17 AM) (Source: Virtual Disk Service) (EventID: 9) (User: ) Description: Unerwarteter Anbieterfehler. 
Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014 Error: (01/11/2015 11:59:17 AM) (Source: Virtual Disk Service) (EventID: 9) (User: ) Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014 Error: (01/11/2015 11:59:17 AM) (Source: Virtual Disk Service) (EventID: 9) (User: ) Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014 Error: (01/11/2015 11:59:17 AM) (Source: Virtual Disk Service) (EventID: 9) (User: ) Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014 Error: (01/11/2015 11:26:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (01/11/2015 11:22:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. The exact nature of the corruption is unknown. The file system structures need to be scanned online. Error: (01/11/2015 11:22:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x100000000d0db. The name of the file is "<unable to determine file name>". Error: (01/11/2015 11:22:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. The exact nature of the corruption is unknown. The file system structures need to be scanned online. 
Error: (01/11/2015 11:22:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x200000003ff11. The name of the file is "<unable to determine file name>". Error: (01/11/2015 11:22:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. The exact nature of the corruption is unknown. The file system structures need to be scanned online. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 32% Total physical RAM: 8143.21 MB Available physical RAM: 5518.68 MB Total Pagefile: 10191.21 MB Available Pagefile: 7260.44 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:915.38 GB) (Free:833.72 GB) NTFS Drive d: (Sims3EP10) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF Drive i: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32 Drive j: (Dell Portable Hard Drive) (Fixed) (Total:931.51 GB) (Free:924.23 GB) NTFS Drive x: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.53 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:13.48 GB) (Free:0.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: D2F52B02) Partition: GPT Partition Type. ======================================================== Disk: 5 (Size: 931.5 GB) (Disk ID: 7E166D55) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 Ran by Johanna (administrator) on JOHANNASPC on 11-01-2015 12:02:15 Running from C:\Users\Johanna\Desktop Loaded Profile: Johanna (Available profiles: Johanna) Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Update\DellUpTray.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe () C:\Program Files (x86)\Dell Backup and Recovery\QTtool Lite.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-14] (AVAST Software) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [Spotify Web Helper] => C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-24] (Spotify Ltd) HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\...\MountPoints2: {9a167b0d-1d06-11e4-824c-806e6f6e6963} - "D:\Autorun.exe" Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1306114221-2738080776-3084928801-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell 
Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default FF DefaultSearchEngine: Yahoo! Search FF SelectedSearchEngine: Yahoo! Search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Johanna\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-06] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{e6ca9971-30ed-444a-9489-82fca50b2062}.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\ver9BlockAndSurf\178.xpi [Not Found] FF Extension: No Name - C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\vyn29is2.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found] Chrome: ======= CHR Profile: C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29] CHR Extension: (Google Drive) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29] CHR Extension: (Google-Suche) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf 
[2014-08-29] CHR Extension: (BlockAndSurf) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jakgohcoccmgmhiagfgkhmnnmnolalal [2014-08-31] CHR Extension: (Google Wallet) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29] CHR Extension: (focusbase) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oedbdopeomhfdadjfjalggcfjnfkilbn [2014-10-28] CHR Extension: (Google Mail) - C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows (R) Win 7 DDK provider) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [152272 2014-09-18] (Dell Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-20] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-08] (Qualcomm Atheros Communications, Inc.) 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-06] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-11 11:48 - 2015-01-11 11:48 - 00000247 _____ () C:\Windows\system32\2015-01-11-10-48-29.095-aswFe.exe-6484.log 2015-01-11 11:44 - 2015-01-11 11:48 - 00000247 _____ () C:\Windows\system32\2015-01-11-10-44-16.006-aswFe.exe-6884.log 2015-01-11 11:44 - 2015-01-11 11:44 - 00000197 _____ () C:\Windows\system32\2015-01-11-10-44-14.006-AvastVBoxSVC.exe-1372.log 2015-01-11 11:33 - 2015-01-11 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-01-11 11:29 - 2015-01-11 11:29 - 00000000 ___RD () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-12-25 12:45 - 2014-12-25 12:45 - 00002266 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Inselparadies.lnk 2014-12-22 15:10 - 2014-12-22 15:11 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-10-36.025-AvastVBoxSVC.exe-3704.log 2014-12-15 17:17 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-12-15 17:17 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-12-14 11:23 - 2014-12-14 11:23 - 00000247 _____ () C:\Windows\system32\2014-12-14-10-23-03.097-aswFe.exe-6176.log 2014-12-14 11:18 - 2014-12-14 11:22 - 00000247 _____ () C:\Windows\system32\2014-12-14-10-18-09.021-aswFe.exe-6812.log 2014-12-14 11:18 - 2014-12-14 11:18 - 00000197 _____ () C:\Windows\system32\2014-12-14-10-18-07.063-AvastVBoxSVC.exe-5224.log 2014-12-14 11:14 - 2014-12-14 11:14 - 00000000 ____D () C:\Windows\SysWOW64\vbox 2014-12-14 11:14 - 2014-12-14 11:14 - 00000000 ____D () C:\Windows\system32\vbox 2014-12-14 11:10 - 2014-12-14 11:10 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-12-14 11:09 - 2014-12-14 11:09 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-12-14 11:09 - 2014-12-14 11:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-12-14 11:08 - 2015-01-11 11:35 - 02124288 _____ (Farbar) C:\Users\Johanna\Desktop\FRST64.exe 
2014-12-14 11:00 - 2014-12-14 11:00 - 00000000 ____D () C:\Windows\system32\appraiser ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-11 12:02 - 2014-11-28 13:49 - 00019588 _____ () C:\Users\Johanna\Desktop\FRST.txt 2015-01-11 12:02 - 2014-11-28 13:48 - 00000000 ____D () C:\FRST 2015-01-11 12:02 - 2014-09-09 13:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-01-11 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-01-11 11:59 - 2014-08-24 17:46 - 00000000 ____D () C:\ProgramData\softthinks 2015-01-11 11:59 - 2014-08-06 03:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-01-11 11:59 - 2014-08-06 02:15 - 01847005 _____ () C:\Windows\WindowsUpdate.log 2015-01-11 11:57 - 2014-09-13 11:55 - 00000000 ____D () C:\Users\Johanna\AppData\Local\CrashDumps 2015-01-11 11:56 - 2014-08-24 17:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1306114221-2738080776-3084928801-1001 2015-01-11 11:47 - 2014-08-29 12:56 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-11 11:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-11 11:35 - 2014-12-02 19:31 - 00000000 ____D () C:\Users\Johanna\Desktop\FRST-OlderVersion 2015-01-11 11:35 - 2014-08-24 17:43 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48ECAB51-DE82-47B0-B45B-C8D6F76C3A2F} 2015-01-11 11:31 - 2014-08-06 03:00 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log 2015-01-11 11:29 - 2014-08-24 18:41 - 00000000 ___RD () C:\Users\Johanna\Dropbox 2015-01-11 11:29 - 2014-08-24 18:15 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Dropbox 2015-01-11 11:28 - 2014-08-06 03:04 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-01-11 11:28 - 2014-08-06 02:11 - 00099774 _____ () C:\Windows\PFRO.log 2015-01-11 11:28 - 2013-08-22 15:45 - 00000006 
____H () C:\Windows\Tasks\SA.DAT 2015-01-11 11:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-11 11:24 - 2014-10-03 14:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 11:24 - 2014-08-24 18:13 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Skype 2015-01-10 12:18 - 2014-11-03 19:18 - 00036639 _____ () C:\Windows\system32\lvcoinst.log 2015-01-10 11:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-12-25 12:45 - 2014-10-28 12:22 - 00000997 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-12-25 12:45 - 2014-10-28 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-12-25 12:45 - 2014-10-28 12:21 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-12-25 12:42 - 2014-10-28 10:43 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-12-25 12:42 - 2014-08-06 02:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-22 15:15 - 2014-08-24 18:05 - 00003852 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408899904 2014-12-22 15:15 - 2014-08-24 18:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-12-22 13:41 - 2014-08-24 18:05 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-12-18 13:57 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-18 13:44 - 2014-08-24 18:41 - 00001037 _____ () C:\Users\Johanna\Desktop\Dropbox.lnk 2014-12-18 13:44 - 2014-08-24 18:16 - 00000000 ____D () C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-16 05:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-12-15 16:22 - 2014-10-03 14:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-15 16:22 - 2014-08-29 13:56 - 00000000 ____D () C:\Users\Johanna\AppData\Local\Adobe 2014-12-14 11:14 - 2014-11-28 13:50 - 00025269 _____ () 
C:\Users\Johanna\Desktop\Addition.txt 2014-12-14 11:09 - 2014-09-09 13:13 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-12-14 11:09 - 2014-09-09 13:13 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-12-14 11:00 - 2014-09-07 18:41 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-14 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-14 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat 2014-12-13 04:46 - 2014-08-29 12:56 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk Some content of TEMP: ==================== C:\Users\Johanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn1ut6b.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-05 04:05 ==================== End Of Log ============================ --- --- --- |
11.01.2015, 13:59 | #12 |
/// the machine /// TB-Ausbilder | Windows 8: McAfee detects various viruses and trojans, including PUP.FNK and PUP.FKS Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.01.2015, 22:12 | #13 |
| Windows 8: McAfee detects various viruses and trojans, including PUP.FNK and PUP.FKS Here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by Johanna at 2015-01-11 22:10:55 Run:3
Running from C:\Users\Johanna\Desktop
Loaded Profile: Johanna (Available profiles: Johanna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 22:10:55 ==== |
12.01.2015, 08:55 | #14 |
/// the machine /// TB-Ausbilder | Windows 8: McAfee detects various viruses and trojans, including PUP.FNK and PUP.FKS done
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |