Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   CPU zu hoch (https://www.trojaner-board.de/161564-cpu-hoch.html)

schojathan 06.12.2014 13:50
CPU zu hoch
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo Community...

Also mein Problem ist bei meinem Laptop(Hp probook 470g1 mit windows 7) ist die CPU ist immer zu hoch, sogar im Leerlauf läuft sie auf 70-100%.
Viren Programme finden nichts.
Habe auch schon malwearbytes drüberlaufen lassen und Sophos Anti-Rootkit jedoch fundlos.
Als Virenprogramme verwende ich Avira.
Der Laptop startet auch ziemlich schnell aber halt sobald man Firefox oder sonst was öffnet geht gar nichts mehr. Nach langer Zeit im Leerlauf kommt die CPU ca auf 5-10% runter, aber wenn ich die Maus bewege hat sie sofort wieder 50%

Mit Processexplorer sehe ich auch nicht im Taskmanager welcher Prozess soviel CPU braucht(Im Anhang ist ein screenshot)


hier die frst.logfile


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by jonathan (administrator) on JONATHAN-HP on 23-11-2014 14:45:26
Running from C:\Users\jonathan\Desktop
Loaded Profile: jonathan (Available profiles: jonathan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Sysinternals - www.sysinternals.com) C:\Users\jonathan\Downloads\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\jonathan\AppData\Local\Temp\procexp64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-08-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-08-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-11-11] ()
AppInit_DLLs-x32: C:\Program Files => C:\Program Files [0 2014-11-11] ()
IFEO\taskmgr.exe: [Debugger] "C:\USERS\JONATHAN\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE"
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll (CryptoMill Technologies Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49775;https=127.0.0.1:49775
HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKU\S-1-5-21-3450173882-3803936789-2498958683-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3450173882-3803936789-2498958683-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3450173882-3803936789-2498958683-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Extension: Avira Browser Safety - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\abs@avira.com [2014-11-03]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
CHR Extension: (YouTube) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google-Suche) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Tabellen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Avira Browserschutz) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-04]
CHR Extension: (AdBlock) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-13]
CHR Extension: (DigitalPersona-Erweiterung) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Google Mail) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2013-08-05]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
hier die Additions.txt
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014
Ran by jonathan at 2014-11-23 14:41:00
Running from C:\Users\jonathan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{C4CB2534-82F4-F4AF-5767-9EE64EF9EB64}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1107 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1107 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.2 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7ED7BF91-D145-480A-B206-6891576F6935}) (Version: 4.6.12.1 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{9F7FF800-8C11-4741-8D20-92E43CA02FD6}) (Version: 8.2.0.10 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{A3B64280-DE4C-40F0-86BB-CCB2A6056BA2}) (Version: 7.3.32.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.2.15.16418 - CryptoMill Technologies)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{CCBD6679-C7CF-2030-2A1F-3640781DF4F4}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.18 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-11-2014 20:24:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {176D0F84-3664-4CAC-9771-7B84432AD161} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-09] (Hewlett-Packard Company)
Task: {37F580BF-A256-4B3E-8ADA-9B1AECFFF83B} - System32\Tasks\HPCeeScheduleForjonathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {48DAFDA7-2230-408C-9284-21CCB5B9A5D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {4D13A6D9-A9A3-4458-B96E-F58135973325} - System32\Tasks\{7CD6B624-EA89-4E20-B8D5-FEB610F4CDAA} => C:\Games\World_of_Tanks\WoTLauncher.exe
Task: {69CCDF10-54E3-4511-93DA-0688208E8787} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {6B97E839-1E05-404D-A447-B118E521CE6B} - System32\Tasks\AdobeAAMUpdater-1.0-jonathan-HP-jonathan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {6BB08731-843B-4BA2-AF93-326EE4EFB00C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {79D60C4C-CF39-4843-A58C-7E53C98857A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-09] (Hewlett-Packard Company)
Task: {8C2FDFD0-A904-4ADF-B1FA-B8A58A771DED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {989A3707-7D42-4AB9-A4DB-F06EEC97A1B9} - System32\Tasks\{855184D1-D157-407F-9351-B69A1EF26B9D} => C:\Games\World_of_Tanks\WoTLauncher.exe
Task: {AEBF4488-99B4-46E5-911A-EE3BAA38A9D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {B7C738C8-B96E-4BA9-830D-466B4E7A14B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-21] (Microsoft)
Task: {E493270A-6F2D-4DF2-98E2-CD98CCDE87C7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] ()
Task: {E7C7436A-8E0C-4632-A585-42921D6F1667} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjonathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-05-22 21:21 - 2013-05-22 21:21 - 00299832 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-08-07 23:02 - 2013-08-07 23:02 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2013-08-07 22:01 - 2013-08-07 22:01 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2013-06-28 14:00 - 2013-06-28 14:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-08 14:09 - 2013-07-26 06:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-06-05 19:35 - 2013-06-05 19:35 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-11-04 14:51 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-04 14:51 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-04 14:51 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-04 14:51 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: GamingMouse => C:\Program Files (x86)\Drakonia Configurator\hid.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RtsCM => RTSCM64.EXE
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-3450173882-3803936789-2498958683-500 - Administrator - Disabled)
Gast (S-1-5-21-3450173882-3803936789-2498958683-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450173882-3803936789-2498958683-1003 - Limited - Enabled)
jonathan (S-1-5-21-3450173882-3803936789-2498958683-1002 - Administrator - Enabled) => C:\Users\jonathan

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2014 02:44:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:43:06 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:42:05 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:41:03 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:40:02 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:39:00 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:37:58 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:36:57 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:35:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (11/23/2014 02:34:53 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (11/23/2014 02:08:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/23/2014 01:47:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/21/2014 08:33:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/21/2014 08:24:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/21/2014 06:51:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/21/2014 06:48:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/21/2014 06:47:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/21/2014 06:24:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {24DB46C8-C842-4E91-9AC4-8A9525A5551D}

Error: (11/21/2014 06:22:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/21/2014 06:21:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.


Microsoft Office Sessions:
=========================
Error: (11/23/2014 02:45:08 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:44:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:43:06 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:42:05 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:41:03 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:40:02 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:39:00 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:37:58 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:36:57 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (11/23/2014 02:35:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 3977.11 MB
Available physical RAM: 1702.3 MB
Total Pagefile: 7954.22 MB
Available Pagefile: 4264.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.29 GB) (Free:321.4 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (Drakonia) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 206BA7A1)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================
--- --- ---

--- --- ---
[/CODE]

schrauber 06.12.2014 15:23
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

schojathan 06.12.2014 16:35
Hi Danke für die Antwort!

Bei mir hat es leider keine Logfile erstellt weiß auch nicht warum..

schrauber 07.12.2014 13:47
Poste bitte mal ein frisches FRST Log.

schojathan 08.12.2014 14:57
Zitat:
Zitat von schrauber (Beitrag 1393687)
Poste bitte mal ein frisches FRST Log.
Hi,

Ja mache ich :D
Und danke für die Rückantwort, ihr macht eine super arbeit!!!:applaus:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by jonathan (administrator) on JONATHAN-HP on 08-12-2014 14:25:10
Running from C:\Users\jonathan\Desktop\Müll\Log Datein
Loaded Profile: jonathan (Available profiles: jonathan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.189.1564.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-08-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-08-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49775;https=127.0.0.1:49775
HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3450173882-3803936789-2498958683-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3450173882-3803936789-2498958683-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3450173882-3803936789-2498958683-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Extension: Avira Browser Safety - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\abs@avira.com [2014-11-26]
FF Extension: Adblock Plus - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-29]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
CHR Extension: (YouTube) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google-Suche) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Tabellen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Avira Browserschutz) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-04]
CHR Extension: (AdBlock) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-13]
CHR Extension: (DigitalPersona-Erweiterung) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Google Mail) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2013-08-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-07] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-07-15] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-07-15] (CyberLink)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-08-05] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [558392 2013-08-06] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-08-01] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-06-28] (Atheros)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
S3 MEMSWEEP2; C:\Windows\system32\CEA2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-07-16] (WinMagic Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418520 2013-06-17] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-07-16] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-07-16] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-08-19] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 14:21 - 2014-12-08 14:21 - 00057627 _____ () C:\Users\jonathan\Desktop\FRST.txt
2014-12-08 14:20 - 2014-12-08 14:20 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjonathan
2014-12-08 14:20 - 2014-12-08 14:20 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjonathan.job
2014-12-08 14:05 - 2014-12-08 14:18 - 00001078 _____ () C:\Windows\system32dbgraw.bmp
2014-12-06 16:06 - 2014-12-06 16:25 - 00000000 ____D () C:\Windows\Minidump
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\Qoobox
2014-12-06 16:04 - 2014-12-06 16:04 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 16:03 - 2014-12-06 16:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-06 16:02 - 2014-12-06 16:02 - 05600479 ____R (Swearware) C:\Users\jonathan\Desktop\ComboFix.exe
2014-12-06 14:24 - 2014-12-06 14:29 - 130049328 _____ (Hewlett-Packard Company ) C:\Users\jonathan\Downloads\sp64284.exe
2014-12-06 14:19 - 2014-12-06 14:19 - 05152768 _____ () C:\Users\jonathan\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-12-01 22:03 - 2014-12-08 14:04 - 00001317 _____ () C:\Windows\setupact.log
2014-12-01 22:03 - 2014-12-01 22:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-01 21:10 - 2014-12-01 21:10 - 00000000 ____D () C:\ProgramData\TaskManager
2014-12-01 21:07 - 2014-12-01 21:07 - 01174352 _____ () C:\Users\jonathan\Downloads\Free Extended Task Manager - CHIP-Installer.exe
2014-12-01 21:02 - 2014-12-01 21:02 - 04036200 _____ (Piriform Ltd) C:\Users\jonathan\Downloads\ccsetup500_slim.exe
2014-12-01 21:01 - 2014-12-01 21:01 - 05249448 _____ (ParetoLogic Inc.) C:\Users\jonathan\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2014-12-01 20:21 - 2014-12-01 21:46 - 00000000 ____D () C:\Users\jonathan\Desktop\Anti-Rootkit
2014-11-30 11:49 - 2014-11-30 11:49 - 00204496 _____ (Malwarebytes) C:\Users\jonathan\Downloads\startuplite-setup-1.07.exe
2014-11-30 11:49 - 2014-11-30 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 11:46 - 2014-11-30 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-30 11:46 - 2014-11-30 11:46 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 11:44 - 2014-11-30 11:44 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 11:42 - 2014-11-30 11:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\jonathan\Downloads\mbar-1.08.2.1001.exe
2014-11-29 16:47 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\CEA2.tmp
2014-11-29 16:37 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\332D.tmp
2014-11-28 15:37 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\471F.tmp
2014-11-28 15:27 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\7925.tmp
2014-11-28 14:42 - 2014-11-28 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-27 15:23 - 2014-11-27 15:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-27 15:23 - 2014-11-27 15:23 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-27 15:10 - 2014-11-27 15:12 - 106741912 _____ (Sophos Limited) C:\Users\jonathan\Downloads\Sophos Virus Removal Tool.exe
2014-11-27 14:57 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\845B.tmp
2014-11-26 19:14 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\43C5.tmp
2014-11-26 18:58 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3C93.tmp
2014-11-26 18:56 - 2014-11-27 15:21 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-26 18:41 - 2014-11-26 18:42 - 01169232 _____ () C:\Users\jonathan\Downloads\Sophos Anti Rootkit - CHIP-Installer.exe
2014-11-26 17:44 - 2014-11-26 17:44 - 00002256 _____ () C:\Users\jonathan\Desktop\HP Support Assistant.lnk
2014-11-26 17:23 - 2014-11-26 17:23 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-11-26 15:14 - 2014-11-26 15:14 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-26 15:14 - 2014-11-26 15:14 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-26 15:14 - 2014-11-26 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-26 15:13 - 2014-11-26 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-26 15:07 - 2014-11-26 15:08 - 00244392 _____ () C:\Users\jonathan\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieUserList
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieSiteList
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieBrowserModeList
2014-11-24 17:28 - 2014-11-24 17:28 - 00000863 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-11-24 17:28 - 2014-11-24 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-11-24 17:16 - 2014-11-26 15:34 - 00000000 ____D () C:\Program Files\Sirius MT2
2014-11-24 16:21 - 2014-11-24 16:21 - 00836112 _____ (SiriusMT2) C:\Users\jonathan\Downloads\sirius.20.13.rev.installer.exe
2014-11-24 16:18 - 2014-11-24 16:19 - 00836112 _____ (SiriusMT2) C:\Users\jonathan\Downloads\sirius.20.13.rev.installer (1).exe
2014-11-23 14:37 - 2014-11-23 14:37 - 00000000 ____D () C:\Users\jonathan\Downloads\ProcessExplorer
2014-11-23 14:34 - 2014-11-23 14:34 - 01188194 _____ () C:\Users\jonathan\Downloads\ProcessExplorer.zip
2014-11-23 14:23 - 2014-11-23 14:23 - 00380416 _____ () C:\Users\jonathan\Downloads\Gmer-19357.exe
2014-11-23 14:22 - 2014-12-08 14:25 - 00000000 ____D () C:\FRST
2014-11-23 14:21 - 2014-11-23 14:21 - 00000250 _____ () C:\Users\jonathan\Downloads\defogger_enable.log
2014-11-23 14:20 - 2014-11-23 14:21 - 00000478 _____ () C:\Users\jonathan\Downloads\defogger_disable.log
2014-11-23 14:19 - 2014-11-23 14:19 - 00050477 _____ () C:\Users\jonathan\Downloads\Defogger.exe
2014-11-21 18:38 - 2014-11-21 18:38 - 00007625 _____ () C:\Users\jonathan\AppData\Local\Resmon.ResmonCfg
2014-11-20 21:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-20 21:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-19 19:23 - 2014-11-19 19:23 - 08050514 _____ () C:\Users\jonathan\Downloads\TheMilkyWay.themepack
2014-11-19 19:22 - 2014-11-19 19:23 - 13034045 _____ () C:\Users\jonathan\Downloads\Footpaths.themepack
2014-11-19 18:57 - 2014-11-19 18:57 - 00581607 _____ () C:\Users\jonathan\Downloads\UKF Dubstep Dreamscene Part 1 (1).wmv
2014-11-19 18:41 - 2014-11-19 18:42 - 00581607 _____ () C:\Users\jonathan\Downloads\UKF Dubstep Dreamscene Part 1.wmv
2014-11-19 18:34 - 2014-11-19 18:34 - 00424812 _____ () C:\Users\jonathan\Downloads\W7DSA (2).zip
2014-11-19 18:29 - 2014-11-19 19:13 - 00008107 _____ () C:\Windows\w7dsd.reg
2014-11-19 18:29 - 2014-11-19 19:13 - 00008089 _____ () C:\Windows\w7dse.reg
2014-11-19 18:29 - 2014-11-19 18:29 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll
2014-11-19 15:18 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-19 15:18 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-19 15:18 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-19 15:18 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-19 15:18 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-19 15:18 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-19 15:18 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-19 15:18 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-19 15:18 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-19 15:18 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-19 15:18 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-19 15:18 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-19 15:18 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-19 15:18 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-19 15:18 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-19 15:18 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-19 15:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-19 15:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-19 15:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-19 15:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-19 15:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-19 15:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-19 15:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-19 15:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-19 15:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-19 15:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-19 15:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-19 15:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-19 15:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-19 15:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-19 15:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-19 15:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-19 15:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-19 15:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-19 15:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-19 15:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-19 15:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-19 15:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-19 15:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-19 15:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-19 15:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-19 15:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-19 15:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-19 15:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-19 15:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-19 15:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-19 15:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-19 15:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-19 15:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-19 15:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-19 15:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-19 15:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-19 15:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-19 15:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-19 15:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-19 15:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-19 15:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-19 15:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-19 15:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-19 15:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-19 15:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-19 15:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-19 15:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-19 15:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-19 15:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-19 15:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-19 15:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-19 15:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-19 15:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-19 15:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-19 15:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-19 15:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-19 15:07 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 15:07 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 15:07 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 15:07 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 15:07 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-19 15:07 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-19 15:07 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-19 15:07 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-19 15:07 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-19 15:07 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-19 15:07 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-19 15:07 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-19 15:07 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-19 15:07 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-19 15:07 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-19 15:07 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-19 15:07 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-19 15:07 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-19 15:07 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-19 15:07 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-19 15:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-19 15:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-19 15:07 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-19 15:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-19 15:06 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-19 15:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-19 15:03 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-19 15:03 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-19 15:03 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-19 15:03 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-19 14:47 - 2011-05-23 06:33 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-11-19 14:47 - 2011-05-23 06:32 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-11-19 14:44 - 2011-05-23 02:11 - 01527684 _____ () C:\Windows6.1-KB2555428-x64.msu
2014-11-19 14:43 - 2014-11-19 14:43 - 01656968 _____ () C:\Users\jonathan\Downloads\433314_intl_x64_zip.exe
2014-11-18 15:31 - 2014-11-18 15:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-14 14:56 - 2014-11-14 14:56 - 00684416 _____ () C:\Users\jonathan\Downloads\ashampoo_mousetracer_1.0.1_sm-Downloader.exe
2014-11-13 14:48 - 2014-11-13 14:48 - 00018054 _____ () C:\Windows\unins000.dat
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\MingGuan
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator
2014-11-13 14:48 - 2014-11-13 14:47 - 01192533 _____ () C:\Windows\unins000.exe
2014-11-12 16:55 - 2014-11-12 16:55 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\IDT
2014-11-11 21:09 - 2014-12-01 21:44 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-11-11 21:07 - 2014-11-11 21:08 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\jonathan\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-11-11 18:51 - 2014-11-19 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-11 18:50 - 2014-11-19 18:50 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-11 18:50 - 2014-11-19 18:49 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-11-11 18:44 - 2014-11-11 18:45 - 34712552 _____ (DVDVideoSoft Ltd. ) C:\Users\jonathan\Downloads\FreeYouTubeToMP3Converter.exe
2014-11-10 15:09 - 2014-11-10 15:09 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Wargaming.net
2014-11-10 15:04 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-10 14:59 - 2014-11-10 14:59 - 00292184 _____ (Microsoft Corporation) C:\Users\jonathan\Downloads\dxwebsetup.exe
2014-11-10 14:58 - 2014-11-10 14:58 - 00002956 _____ () C:\Windows\System32\Tasks\{855184D1-D157-407F-9351-B69A1EF26B9D}
2014-11-10 14:58 - 2014-11-10 14:58 - 00002956 _____ () C:\Windows\System32\Tasks\{7CD6B624-EA89-4E20-B8D5-FEB610F4CDAA}
2014-11-10 14:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-10 14:58 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-10 14:47 - 2014-11-10 14:47 - 05249448 _____ (ParetoLogic Inc.) C:\Users\jonathan\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-11-09 20:28 - 2014-11-10 15:04 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-09 20:28 - 2014-11-10 15:03 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-11-09 20:28 - 2014-11-09 20:28 - 00000000 ____D () C:\Games
2014-11-09 20:27 - 2014-11-09 20:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-09 20:26 - 2014-11-09 20:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jonathan\Downloads\revosetup95.exe
2014-11-09 20:25 - 2014-11-09 20:25 - 05993984 _____ (Wargaming.net ) C:\Users\jonathan\Downloads\WoT_internet_install_eu.exe
2014-11-09 17:17 - 2014-11-09 17:17 - 00431456 _____ () C:\Users\jonathan\Downloads\W7DSA (1).zip
2014-11-09 17:17 - 2014-11-09 17:17 - 00000000 ____D () C:\Users\jonathan\Downloads\W7DSA (1)
2014-11-09 17:15 - 2014-11-09 17:16 - 62967296 _____ () C:\Users\jonathan\Downloads\wz190gev-64.msi
2014-11-09 17:15 - 2014-11-09 17:15 - 00000000 ____D () C:\Users\jonathan\Downloads\W7DSA
2014-11-09 17:14 - 2014-11-09 17:15 - 00431456 _____ () C:\Users\jonathan\Downloads\W7DSA.zip
2014-11-09 16:12 - 2014-11-09 16:12 - 00000000 ____D () C:\Users\jonathan\AppData\Local\TuneUp Software
2014-11-09 16:09 - 2014-11-09 16:13 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-09 16:08 - 2014-11-09 16:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-09 16:06 - 2014-11-09 16:06 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\RHEng
2014-11-09 16:05 - 2014-11-19 18:49 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\DVDVideoSoft
2014-11-09 16:03 - 2014-11-09 16:04 - 33453848 _____ (DVDVideoSoft Ltd. ) C:\Users\jonathan\Downloads\FreeYouTubeDownload.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 14:26 - 2014-11-03 15:29 - 01883846 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 14:25 - 2014-03-18 20:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 14:14 - 2009-07-14 05:45 - 00037408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 14:14 - 2009-07-14 05:45 - 00037408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 14:06 - 2014-03-18 20:50 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-08 14:05 - 2014-11-04 14:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 14:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 16:01 - 2014-11-04 14:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 15:03 - 2014-11-03 15:33 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5B3B4F1F-4406-4D27-9CB4-252D56545BE5}
2014-12-06 16:24 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120614-20841-01.dmp
2014-12-06 16:06 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120614-21808-01.dmp
2014-12-06 14:45 - 2014-06-08 14:06 - 00001336 _____ () C:\Windows\Synaptics.log
2014-12-06 14:45 - 2014-06-08 13:58 - 00022684 _____ () C:\Windows\DPINST.LOG
2014-12-06 14:30 - 2011-02-11 17:32 - 00000000 ____D () C:\SWSETUP
2014-12-02 20:12 - 2014-11-05 17:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 22:03 - 2010-11-21 04:47 - 00296830 _____ () C:\Windows\PFRO.log
2014-12-01 21:15 - 2014-11-04 18:48 - 00000000 ____D () C:\Users\jonathan\AppData\Local\CrashDumps
2014-12-01 21:15 - 2014-11-04 16:19 - 00000000 ___DC () C:\Users\jonathan\AppData\Local\MigWiz
2014-12-01 21:15 - 2011-02-11 14:38 - 00000000 ____D () C:\Windows\Panther
2014-12-01 15:25 - 2014-06-08 14:36 - 00700190 _____ () C:\Windows\system32\perfh007.dat
2014-12-01 15:25 - 2014-06-08 14:36 - 00149796 _____ () C:\Windows\system32\perfc007.dat
2014-12-01 15:25 - 2009-07-14 06:13 - 01621934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 19:09 - 2014-03-18 20:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-26 19:08 - 2014-06-08 13:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-11-26 19:08 - 2014-03-18 20:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-11-26 18:56 - 2014-03-18 20:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-26 18:55 - 2014-11-04 21:00 - 00000000 ____D () C:\Users\jonathan\Documents\Garmin
2014-11-26 18:55 - 2014-11-04 20:58 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Garmin
2014-11-26 18:55 - 2014-11-04 20:57 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-26 18:54 - 2014-11-04 20:58 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Garmin
2014-11-26 18:54 - 2014-11-04 20:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-26 17:44 - 2014-03-18 20:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-26 17:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-11-26 17:33 - 2014-03-18 20:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-26 17:26 - 2014-03-18 20:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 17:26 - 2014-03-18 20:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 17:26 - 2014-03-18 20:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 17:16 - 2014-03-18 20:49 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-26 17:13 - 2014-11-03 15:34 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\hpqLog
2014-11-26 15:00 - 2014-11-04 15:14 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Spotify
2014-11-26 14:59 - 2014-11-04 15:18 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Spotify
2014-11-26 14:41 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
2014-11-26 14:30 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
2014-11-25 14:29 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003
2014-11-24 18:47 - 2014-11-04 15:53 - 00000000 ____D () C:\Users\jonathan\Desktop\Müll
2014-11-24 16:06 - 2014-11-04 21:42 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\vlc
2014-11-24 14:32 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.004
2014-11-23 14:21 - 2014-11-03 15:32 - 00000000 ____D () C:\Users\jonathan
2014-11-23 13:46 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.005
2014-11-21 20:14 - 2014-11-03 15:33 - 00001444 _____ () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 01:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-20 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-19 17:41 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 17:40 - 2009-07-14 05:45 - 04831000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 17:37 - 2014-11-04 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-19 15:15 - 2014-11-05 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-19 15:10 - 2014-11-05 22:01 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-15 16:56 - 2014-11-04 14:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 16:56 - 2014-11-04 14:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:33 - 2014-11-03 15:34 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Hewlett-Packard
2014-11-13 15:33 - 2014-11-03 15:33 - 00003772 _____ () C:\Windows\System32\Tasks\Registration
2014-11-10 15:01 - 2014-03-18 20:51 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-11-10 15:01 - 2014-03-18 20:51 - 00002144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-11-10 15:00 - 2014-03-18 20:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-10 15:00 - 2014-03-18 20:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-11-09 18:11 - 2014-11-04 20:18 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Apple Computer
2014-11-08 13:51 - 2014-11-04 14:49 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\jonathan\AppData\Local\Temp\avgnt.exe
C:\Users\jonathan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jonathan\AppData\Local\Temp\sp64126.exe
C:\Users\jonathan\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 22:46

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by jonathan at 2014-12-08 14:30:11
Running from C:\Users\jonathan\Desktop\Müll\Log Datein
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{C4CB2534-82F4-F4AF-5767-9EE64EF9EB64}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1107 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1107 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7ED7BF91-D145-480A-B206-6891576F6935}) (Version: 4.6.12.1 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{9F7FF800-8C11-4741-8D20-92E43CA02FD6}) (Version: 8.2.0.10 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
MFC RunTime files x64 (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{CCBD6679-C7CF-2030-2A1F-3640781DF4F4}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.18 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
Sirius MT2 Version 20.13 (HKLM-x32\...\{831D4B74-7A92-4363-869D-524876C480B1}_is1) (Version: 20.13 - Sirius MT2)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Spotify (HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-11-2014 13:41:31 Removed Sophos Virus Removal Tool.
30-11-2014 14:51:32 Windows Update
03-12-2014 15:27:59 Windows Update
06-12-2014 13:19:37 Installed HP Support Solutions Framework
07-12-2014 12:32:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A86CCFF-A8B0-4A87-8772-4D86899080EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3ACE64E2-E015-4308-8D60-CE43E02EAAF2} - System32\Tasks\HPCeeScheduleForjonathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {48DAFDA7-2230-408C-9284-21CCB5B9A5D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {4D13A6D9-A9A3-4458-B96E-F58135973325} - System32\Tasks\{7CD6B624-EA89-4E20-B8D5-FEB610F4CDAA} => C:\Games\World_of_Tanks\WoTLauncher.exe
Task: {69CCDF10-54E3-4511-93DA-0688208E8787} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {6B97E839-1E05-404D-A447-B118E521CE6B} - System32\Tasks\AdobeAAMUpdater-1.0-jonathan-HP-jonathan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {6BB08731-843B-4BA2-AF93-326EE4EFB00C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {8C2FDFD0-A904-4ADF-B1FA-B8A58A771DED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {900651A6-3A7B-40A2-9549-B014C9EB9858} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {90AAC942-8F0F-43AD-83FC-15C9E95DC9F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {989A3707-7D42-4AB9-A4DB-F06EEC97A1B9} - System32\Tasks\{855184D1-D157-407F-9351-B69A1EF26B9D} => C:\Games\World_of_Tanks\WoTLauncher.exe
Task: {AEBF4488-99B4-46E5-911A-EE3BAA38A9D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {B7C738C8-B96E-4BA9-830D-466B4E7A14B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjonathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-05-22 21:21 - 2013-05-22 21:21 - 00299832 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-08-07 23:02 - 2013-08-07 23:02 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-26 15:13 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-05 19:35 - 2013-06-05 19:35 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-08 14:09 - 2013-07-26 06:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: GamingMouse => C:\Program Files (x86)\Drakonia Configurator\hid.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RtsCM => RTSCM64.EXE
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-3450173882-3803936789-2498958683-500 - Administrator - Disabled)
Gast (S-1-5-21-3450173882-3803936789-2498958683-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450173882-3803936789-2498958683-1003 - Limited - Enabled)
jonathan (S-1-5-21-3450173882-3803936789-2498958683-1002 - Administrator - Enabled) => C:\Users\jonathan

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2014 02:39:54 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:38:53 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:37:51 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:36:49 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:35:47 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:34:45 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:33:43 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:32:41 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:31:41 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/08/2014 02:31:37 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (12/08/2014 02:06:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/07/2014 01:16:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/06/2014 04:26:43 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/06/2014 04:25:09 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c4 (0x00000000000000f6, 0x00000000000000dc, 0xfffffa800b345b30, 0xfffff8800afa65e5)C:\Windows\Minidump\120614-20841-01.dmp120614-20841-01

Error: (12/06/2014 04:25:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎12.‎2014 um 16:23:46 unerwartet heruntergefahren.

Error: (12/06/2014 04:08:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/06/2014 04:07:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c4 (0x00000000000000f6, 0x00000000000000dc, 0xfffffa8008d4a900, 0xfffff880061ee5e5)C:\Windows\Minidump\120614-21808-01.dmp120614-21808-01

Error: (12/06/2014 04:07:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎12.‎2014 um 16:05:32 unerwartet heruntergefahren.

Error: (12/06/2014 03:17:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/06/2014 02:49:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (12/08/2014 02:40:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:39:54 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:38:53 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:37:51 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:36:49 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:35:47 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:34:45 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:33:43 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:32:41 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/08/2014 02:31:41 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2014-11-29 16:48:00.290
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\CEA2.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:47:57.637
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\CEA2.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:42:08.726
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:42:06.149
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:37:34.520
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:37:30.586
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:37:03.837
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:37:02.355
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:36:58.673
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:36:57.098
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 3977.11 MB
Available physical RAM: 1871.04 MB
Total Pagefile: 7954.22 MB
Available Pagefile: 4583.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.29 GB) (Free:325.52 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 206BA7A1)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================

schrauber 09.12.2014 11:32
Schritt 1
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

schojathan 09.12.2014 14:57
Hi erstmals Danke für die Antwort, aber HitmanPro stürzt immer ab bei mir mit der Meldung:"Windows wird zur Sicherheit heruntergefahren dann startet der Laptop sich neu..." (in pixel schrift und mit blauen Hintergrund).
Soll ich den Pc dann im Abgesicherten Modes oder normal starten?

Lg

schrauber 09.12.2014 19:06
Lass Hitman weg.

schojathan 09.12.2014 21:48
Danke für die rasche Antwort!!!

Also hier mal die mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 09.12.2014
Suchlauf-Zeit: 19:25:58
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.09.07
Rootkit Datenbank: v2014.12.08.03
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: jonathan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328262
Verstrichene Zeit: 59 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3450173882-3803936789-2498958683-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [7952cb951a621c1aca5ba724db27a45c],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [35965e02b0cc280ee352962b41c3c33d],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [d2f92d338cf04beb3ba0cdb1d3301ee2],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [9833204018641a1cd02279d7d231c23e],
PUP.Optional.Qone8, HKU\S-1-5-21-3450173882-3803936789-2498958683-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [c7044818631941f5a634c0ece61e44bc],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 6
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS),Ersetzt,[6665a5bb8eee04326db3a7b62adb02fe]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[06c59cc4087452e478bba2c52ed7837d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS),Ersetzt,[9a31d48c92ea91a5d24e3e1fee17cd33]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[03c800608af278be74bfe97ec243fd03]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3450173882-3803936789-2498958683-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS),Löschen bei Neustart,[408b2f31304c3bfb4dcde17cb84d2dd3]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3450173882-3803936789-2498958683-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS),Löschen bei Neustart,[c10a1947e894c373e234fb621ee754ac]

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.Conduit.A, C:\Users\jonathan\AppData\Roaming\RHEng\5D42806FBDE94E54AB1DB86D75DE2BAB\sp-downloader.exe, In Quarantäne, [2aa12838a1db52e4035f083159a82ed2],
PUP.Optional.Eguide, C:\Users\jonathan\Downloads\ashampoo_mousetracer_1.0.1_sm-Downloader.exe, In Quarantäne, [7259c69a9edea195f3284717c13f0df3],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
hier die adw.cleaner vorher die [SO] dann die [RO]

Code:
# AdwCleaner v4.105 - Bericht erstellt am 09/12/2014 um 20:39:52
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : jonathan - JONATHAN-HP
# Gestartet von : C:\Users\jonathan\Desktop\AdwCleaner_4.105.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab
Ordner Gefunden : C:\Users\jonathan\AppData\Roaming\RHEng

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v39.0.2171.71

[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2621 octets] - [09/12/2014 20:39:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2681 octets] ##########
hier die [SO]
Code:
# AdwCleaner v4.105 - Bericht erstellt am 09/12/2014 um 21:06:22
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : jonathan - JONATHAN-HP
# Gestartet von : C:\Users\jonathan\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\jonathan\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v39.0.2171.71

[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M0867B338-7044-412C-906B-D193B16AC2BB&SearchSource=58&CUI=&UM=6&UP=SPDCBCE200-D903-49F9-B51E-7B18B891E059&q={searchTerms}&SSPV=
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}
[C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2765 octets] - [09/12/2014 20:39:52]
AdwCleaner[S0].txt - [2940 octets] - [09/12/2014 21:06:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3000 octets] ##########
Leider bekam ich beim Junkware remove tool eine fehlermeldung
Non 7z Archive und das Programm schloß sich.

und hier die FRST logs

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by jonathan (administrator) on JONATHAN-HP on 09-12-2014 21:25:21
Running from C:\Users\jonathan\Desktop\Müll\Log Datein
Loaded Profile: jonathan (Available profiles: jonathan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-08-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-08-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49775;https=127.0.0.1:49775
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Extension: Avira Browser Safety - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\abs@avira.com [2014-11-26]
FF Extension: Adblock Plus - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-29]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
CHR Extension: (YouTube) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google-Suche) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Tabellen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Avira Browserschutz) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-04]
CHR Extension: (AdBlock) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Google Mail) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-07] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-07-15] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-07-15] (CyberLink)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-08-05] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [558392 2013-08-06] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-08-01] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-09] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-06-28] (Atheros)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-09] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
S3 MEMSWEEP2; C:\Windows\system32\CEA2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-07-16] (WinMagic Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418520 2013-06-17] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-07-16] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-07-16] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-08-19] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 21:27 - 2014-12-09 21:27 - 00004896 _____ () C:\Users\jonathan\Desktop\mbam.txt
2014-12-09 21:13 - 2014-12-09 21:14 - 01103469 _____ (Thisisu) C:\Users\jonathan\Desktop\JRT.exe
2014-12-09 21:10 - 2014-12-09 21:10 - 00003080 _____ () C:\Users\jonathan\Desktop\AdwCleaner[S0]1.txt
2014-12-09 21:06 - 2014-12-09 21:06 - 00002765 _____ () C:\Users\jonathan\Desktop\AdwCleaner[R0].txt
2014-12-09 20:37 - 2014-12-09 21:09 - 00000000 ____D () C:\AdwCleaner
2014-12-09 19:23 - 2014-12-09 19:23 - 00001139 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-09 19:23 - 2014-12-09 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 19:23 - 2014-12-09 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 19:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-09 19:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-09 19:11 - 2014-12-09 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 17:04 - 2014-12-09 21:09 - 00001078 _____ () C:\Windows\system32dbgraw.bmp
2014-12-09 15:04 - 2014-12-09 15:04 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-09 14:41 - 2014-12-09 14:41 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-09 14:40 - 2014-12-09 14:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-09 14:38 - 2014-12-09 14:39 - 11222744 _____ (SurfRight B.V.) C:\Users\jonathan\Desktop\HitmanPro_x64.exe
2014-12-09 14:38 - 2014-12-09 14:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jonathan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 14:38 - 2014-12-09 14:38 - 02166272 _____ () C:\Users\jonathan\Desktop\AdwCleaner_4.105.exe
2014-12-08 14:20 - 2014-12-09 20:29 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjonathan.job
2014-12-08 14:20 - 2014-12-09 14:56 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjonathan
2014-12-06 16:06 - 2014-12-09 14:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\Qoobox
2014-12-06 16:04 - 2014-12-06 16:04 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 16:03 - 2014-12-06 16:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-06 14:24 - 2014-12-06 14:29 - 130049328 _____ (Hewlett-Packard Company ) C:\Users\jonathan\Downloads\sp64284.exe
2014-12-06 14:19 - 2014-12-06 14:19 - 05152768 _____ () C:\Users\jonathan\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-12-01 22:03 - 2014-12-09 21:08 - 00001709 _____ () C:\Windows\setupact.log
2014-12-01 22:03 - 2014-12-01 22:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-01 21:10 - 2014-12-01 21:10 - 00000000 ____D () C:\ProgramData\TaskManager
2014-12-01 21:07 - 2014-12-01 21:07 - 01174352 _____ () C:\Users\jonathan\Downloads\Free Extended Task Manager - CHIP-Installer.exe
2014-12-01 21:02 - 2014-12-01 21:02 - 04036200 _____ (Piriform Ltd) C:\Users\jonathan\Downloads\ccsetup500_slim.exe
2014-12-01 21:01 - 2014-12-01 21:01 - 05249448 _____ (ParetoLogic Inc.) C:\Users\jonathan\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2014-12-01 20:21 - 2014-12-08 15:15 - 00000000 ____D () C:\Users\jonathan\Desktop\Anti-Rootkit
2014-11-30 11:49 - 2014-12-09 19:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 11:49 - 2014-11-30 11:49 - 00204496 _____ (Malwarebytes) C:\Users\jonathan\Downloads\startuplite-setup-1.07.exe
2014-11-30 11:46 - 2014-12-09 21:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 11:46 - 2014-12-09 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-30 11:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 11:42 - 2014-11-30 11:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\jonathan\Downloads\mbar-1.08.2.1001.exe
2014-11-29 16:47 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\CEA2.tmp
2014-11-29 16:37 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\332D.tmp
2014-11-28 15:37 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\471F.tmp
2014-11-28 15:27 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\7925.tmp
2014-11-28 14:42 - 2014-11-28 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-27 15:23 - 2014-11-27 15:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-27 15:23 - 2014-11-27 15:23 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-27 15:10 - 2014-11-27 15:12 - 106741912 _____ (Sophos Limited) C:\Users\jonathan\Downloads\Sophos Virus Removal Tool.exe
2014-11-27 14:57 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\845B.tmp
2014-11-26 19:14 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\43C5.tmp
2014-11-26 18:58 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3C93.tmp
2014-11-26 18:56 - 2014-11-27 15:21 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-26 18:41 - 2014-11-26 18:42 - 01169232 _____ () C:\Users\jonathan\Downloads\Sophos Anti Rootkit - CHIP-Installer.exe
2014-11-26 17:44 - 2014-11-26 17:44 - 00002256 _____ () C:\Users\jonathan\Desktop\HP Support Assistant.lnk
2014-11-26 17:23 - 2014-11-26 17:23 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-11-26 15:14 - 2014-12-09 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-26 15:14 - 2014-11-26 15:14 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-26 15:14 - 2014-11-26 15:14 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-26 15:07 - 2014-11-26 15:08 - 00244392 _____ () C:\Users\jonathan\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieUserList
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieSiteList
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieBrowserModeList
2014-11-24 17:28 - 2014-11-24 17:28 - 00000863 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-11-24 17:28 - 2014-11-24 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-11-24 17:16 - 2014-11-26 15:34 - 00000000 ____D () C:\Program Files\Sirius MT2
2014-11-24 16:21 - 2014-11-24 16:21 - 00836112 _____ (SiriusMT2) C:\Users\jonathan\Downloads\sirius.20.13.rev.installer.exe
2014-11-24 16:18 - 2014-11-24 16:19 - 00836112 _____ (SiriusMT2) C:\Users\jonathan\Downloads\sirius.20.13.rev.installer (1).exe
2014-11-23 14:37 - 2014-11-23 14:37 - 00000000 ____D () C:\Users\jonathan\Downloads\ProcessExplorer
2014-11-23 14:34 - 2014-11-23 14:34 - 01188194 _____ () C:\Users\jonathan\Downloads\ProcessExplorer.zip
2014-11-23 14:23 - 2014-11-23 14:23 - 00380416 _____ () C:\Users\jonathan\Downloads\Gmer-19357.exe
2014-11-23 14:22 - 2014-12-09 21:25 - 00000000 ____D () C:\FRST
2014-11-23 14:21 - 2014-11-23 14:21 - 00000250 _____ () C:\Users\jonathan\Downloads\defogger_enable.log
2014-11-23 14:20 - 2014-11-23 14:21 - 00000478 _____ () C:\Users\jonathan\Downloads\defogger_disable.log
2014-11-23 14:19 - 2014-11-23 14:19 - 00050477 _____ () C:\Users\jonathan\Downloads\Defogger.exe
2014-11-21 18:38 - 2014-11-21 18:38 - 00007625 _____ () C:\Users\jonathan\AppData\Local\Resmon.ResmonCfg
2014-11-20 21:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-20 21:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-19 19:23 - 2014-11-19 19:23 - 08050514 _____ () C:\Users\jonathan\Downloads\TheMilkyWay.themepack
2014-11-19 19:22 - 2014-11-19 19:23 - 13034045 _____ () C:\Users\jonathan\Downloads\Footpaths.themepack
2014-11-19 18:57 - 2014-11-19 18:57 - 00581607 _____ () C:\Users\jonathan\Downloads\UKF Dubstep Dreamscene Part 1 (1).wmv
2014-11-19 18:41 - 2014-11-19 18:42 - 00581607 _____ () C:\Users\jonathan\Downloads\UKF Dubstep Dreamscene Part 1.wmv
2014-11-19 18:34 - 2014-11-19 18:34 - 00424812 _____ () C:\Users\jonathan\Downloads\W7DSA (2).zip
2014-11-19 18:29 - 2014-11-19 19:13 - 00008107 _____ () C:\Windows\w7dsd.reg
2014-11-19 18:29 - 2014-11-19 19:13 - 00008089 _____ () C:\Windows\w7dse.reg
2014-11-19 18:29 - 2014-11-19 18:29 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll
2014-11-19 15:18 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-19 15:18 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-19 15:18 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-19 15:18 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-19 15:18 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-19 15:18 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-19 15:18 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-19 15:18 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-19 15:18 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-19 15:18 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-19 15:18 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-19 15:18 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-19 15:18 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-19 15:18 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-19 15:18 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-19 15:18 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-19 15:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-19 15:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-19 15:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-19 15:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-19 15:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-19 15:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-19 15:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-19 15:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-19 15:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-19 15:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-19 15:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-19 15:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-19 15:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-19 15:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-19 15:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-19 15:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-19 15:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-19 15:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-19 15:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-19 15:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-19 15:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-19 15:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-19 15:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-19 15:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-19 15:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-19 15:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-19 15:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-19 15:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-19 15:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-19 15:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-19 15:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-19 15:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-19 15:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-19 15:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-19 15:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-19 15:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-19 15:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-19 15:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-19 15:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-19 15:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-19 15:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-19 15:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-19 15:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-19 15:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-19 15:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-19 15:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-19 15:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-19 15:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-19 15:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-19 15:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-19 15:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-19 15:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-19 15:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-19 15:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-19 15:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-19 15:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-19 15:07 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 15:07 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 15:07 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 15:07 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 15:07 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-19 15:07 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-19 15:07 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-19 15:07 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-19 15:07 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-19 15:07 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-19 15:07 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-19 15:07 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-19 15:07 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-19 15:07 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-19 15:07 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-19 15:07 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-19 15:07 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-19 15:07 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-19 15:07 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-19 15:07 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-19 15:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-19 15:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-19 15:07 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-19 15:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-19 15:06 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-19 15:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-19 15:03 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-19 15:03 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-19 15:03 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-19 15:03 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-19 14:47 - 2011-05-23 06:33 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-11-19 14:47 - 2011-05-23 06:32 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-11-19 14:44 - 2011-05-23 02:11 - 01527684 _____ () C:\Windows6.1-KB2555428-x64.msu
2014-11-19 14:43 - 2014-11-19 14:43 - 01656968 _____ () C:\Users\jonathan\Downloads\433314_intl_x64_zip.exe
2014-11-18 15:31 - 2014-11-18 15:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-13 14:48 - 2014-11-13 14:48 - 00018054 _____ () C:\Windows\unins000.dat
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\MingGuan
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator
2014-11-13 14:48 - 2014-11-13 14:47 - 01192533 _____ () C:\Windows\unins000.exe
2014-11-12 16:55 - 2014-11-12 16:55 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\IDT
2014-11-11 21:09 - 2014-12-01 21:44 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-11-11 21:07 - 2014-11-11 21:08 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\jonathan\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-11-11 18:51 - 2014-11-19 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-11 18:50 - 2014-11-19 18:50 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-11 18:50 - 2014-11-19 18:49 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-11-11 18:44 - 2014-11-11 18:45 - 34712552 _____ (DVDVideoSoft Ltd. ) C:\Users\jonathan\Downloads\FreeYouTubeToMP3Converter.exe
2014-11-10 15:09 - 2014-11-10 15:09 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Wargaming.net
2014-11-10 15:04 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-10 15:04 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-10 15:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-10 14:59 - 2014-11-10 14:59 - 00292184 _____ (Microsoft Corporation) C:\Users\jonathan\Downloads\dxwebsetup.exe
2014-11-10 14:58 - 2014-11-10 14:58 - 00002956 _____ () C:\Windows\System32\Tasks\{855184D1-D157-407F-9351-B69A1EF26B9D}
2014-11-10 14:58 - 2014-11-10 14:58 - 00002956 _____ () C:\Windows\System32\Tasks\{7CD6B624-EA89-4E20-B8D5-FEB610F4CDAA}
2014-11-10 14:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-10 14:58 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-10 14:47 - 2014-11-10 14:47 - 05249448 _____ (ParetoLogic Inc.) C:\Users\jonathan\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-11-09 20:28 - 2014-11-10 15:04 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-09 20:28 - 2014-11-10 15:03 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-11-09 20:28 - 2014-11-09 20:28 - 00000000 ____D () C:\Games
2014-11-09 20:27 - 2014-11-09 20:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-09 20:26 - 2014-11-09 20:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\jonathan\Downloads\revosetup95.exe
2014-11-09 20:25 - 2014-11-09 20:25 - 05993984 _____ (Wargaming.net ) C:\Users\jonathan\Downloads\WoT_internet_install_eu.exe
2014-11-09 17:17 - 2014-11-09 17:17 - 00431456 _____ () C:\Users\jonathan\Downloads\W7DSA (1).zip
2014-11-09 17:17 - 2014-11-09 17:17 - 00000000 ____D () C:\Users\jonathan\Downloads\W7DSA (1)
2014-11-09 17:15 - 2014-11-09 17:16 - 62967296 _____ () C:\Users\jonathan\Downloads\wz190gev-64.msi
2014-11-09 17:15 - 2014-11-09 17:15 - 00000000 ____D () C:\Users\jonathan\Downloads\W7DSA
2014-11-09 17:14 - 2014-11-09 17:15 - 00431456 _____ () C:\Users\jonathan\Downloads\W7DSA.zip
2014-11-09 16:12 - 2014-11-09 16:12 - 00000000 ____D () C:\Users\jonathan\AppData\Local\TuneUp Software
2014-11-09 16:09 - 2014-11-09 16:13 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-09 16:08 - 2014-11-09 16:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-09 16:05 - 2014-11-19 18:49 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\DVDVideoSoft
2014-11-09 16:03 - 2014-11-09 16:04 - 33453848 _____ (DVDVideoSoft Ltd. ) C:\Users\jonathan\Downloads\FreeYouTubeDownload.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 21:25 - 2014-03-18 20:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 21:18 - 2014-11-03 15:29 - 01984312 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 21:18 - 2009-07-14 05:45 - 00037408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 21:18 - 2009-07-14 05:45 - 00037408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 21:10 - 2014-03-18 20:50 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-09 21:09 - 2014-11-04 14:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 21:08 - 2010-11-21 04:47 - 00298370 _____ () C:\Windows\PFRO.log
2014-12-09 21:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 21:01 - 2014-11-04 14:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 14:50 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120914-58968-01.dmp
2014-12-09 14:42 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120914-63820-01.dmp
2014-12-08 20:28 - 2014-11-03 15:33 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5B3B4F1F-4406-4D27-9CB4-252D56545BE5}
2014-12-06 16:24 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120614-20841-01.dmp
2014-12-06 16:06 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120614-21808-01.dmp
2014-12-06 14:45 - 2014-06-08 14:06 - 00001336 _____ () C:\Windows\Synaptics.log
2014-12-06 14:45 - 2014-06-08 13:58 - 00022684 _____ () C:\Windows\DPINST.LOG
2014-12-06 14:30 - 2011-02-11 17:32 - 00000000 ____D () C:\SWSETUP
2014-12-02 20:12 - 2014-11-05 17:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 21:15 - 2014-11-04 18:48 - 00000000 ____D () C:\Users\jonathan\AppData\Local\CrashDumps
2014-12-01 21:15 - 2014-11-04 16:19 - 00000000 ___DC () C:\Users\jonathan\AppData\Local\MigWiz
2014-12-01 21:15 - 2011-02-11 14:38 - 00000000 ____D () C:\Windows\Panther
2014-12-01 15:25 - 2014-06-08 14:36 - 00700190 _____ () C:\Windows\system32\perfh007.dat
2014-12-01 15:25 - 2014-06-08 14:36 - 00149796 _____ () C:\Windows\system32\perfc007.dat
2014-12-01 15:25 - 2009-07-14 06:13 - 01621934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 19:09 - 2014-03-18 20:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-26 19:08 - 2014-06-08 13:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-11-26 19:08 - 2014-03-18 20:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-11-26 18:56 - 2014-03-18 20:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-26 18:55 - 2014-11-04 21:00 - 00000000 ____D () C:\Users\jonathan\Documents\Garmin
2014-11-26 18:55 - 2014-11-04 20:58 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Garmin
2014-11-26 18:55 - 2014-11-04 20:57 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-26 18:54 - 2014-11-04 20:58 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Garmin
2014-11-26 18:54 - 2014-11-04 20:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-26 17:44 - 2014-03-18 20:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-26 17:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-11-26 17:33 - 2014-03-18 20:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-26 17:26 - 2014-03-18 20:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 17:26 - 2014-03-18 20:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 17:26 - 2014-03-18 20:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 17:16 - 2014-03-18 20:49 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-26 17:13 - 2014-11-03 15:34 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\hpqLog
2014-11-26 15:00 - 2014-11-04 15:14 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Spotify
2014-11-26 14:59 - 2014-11-04 15:18 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Spotify
2014-11-26 14:41 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
2014-11-26 14:30 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
2014-11-25 14:29 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003
2014-11-24 18:47 - 2014-11-04 15:53 - 00000000 ____D () C:\Users\jonathan\Desktop\Müll
2014-11-24 16:06 - 2014-11-04 21:42 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\vlc
2014-11-24 14:32 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.004
2014-11-23 14:21 - 2014-11-03 15:32 - 00000000 ____D () C:\Users\jonathan
2014-11-23 13:46 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.005
2014-11-21 20:14 - 2014-11-03 15:33 - 00001444 _____ () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 01:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-20 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-19 17:41 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 17:40 - 2009-07-14 05:45 - 04831000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 17:37 - 2014-11-04 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-19 15:15 - 2014-11-05 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-19 15:10 - 2014-11-05 22:01 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-15 16:56 - 2014-11-04 14:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 16:56 - 2014-11-04 14:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:33 - 2014-11-03 15:34 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Hewlett-Packard
2014-11-13 15:33 - 2014-11-03 15:33 - 00003772 _____ () C:\Windows\System32\Tasks\Registration
2014-11-10 15:01 - 2014-03-18 20:51 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-11-10 15:01 - 2014-03-18 20:51 - 00002144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-11-10 15:00 - 2014-03-18 20:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-10 15:00 - 2014-03-18 20:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-11-09 18:11 - 2014-11-04 20:18 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Apple Computer

Some content of TEMP:
====================
C:\Users\jonathan\AppData\Local\Temp\avgnt.exe
C:\Users\jonathan\AppData\Local\Temp\Quarantine.exe
C:\Users\jonathan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jonathan\AppData\Local\Temp\sp64126.exe
C:\Users\jonathan\AppData\Local\Temp\sqlite3.dll
C:\Users\jonathan\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 21:01

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by jonathan at 2014-12-09 21:30:50
Running from C:\Users\jonathan\Desktop\Müll\Log Datein
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{C4CB2534-82F4-F4AF-5767-9EE64EF9EB64}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1107 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1107 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7ED7BF91-D145-480A-B206-6891576F6935}) (Version: 4.6.12.1 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{9F7FF800-8C11-4741-8D20-92E43CA02FD6}) (Version: 8.2.0.10 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
MFC RunTime files x64 (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{CCBD6679-C7CF-2030-2A1F-3640781DF4F4}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.18 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
Sirius MT2 Version 20.13 (HKLM-x32\...\{831D4B74-7A92-4363-869D-524876C480B1}_is1) (Version: 20.13 - Sirius MT2)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Spotify (HKU\S-1-5-21-3450173882-3803936789-2498958683-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-11-2014 13:41:31 Removed Sophos Virus Removal Tool.
30-11-2014 14:51:32 Windows Update
03-12-2014 15:27:59 Windows Update
06-12-2014 13:19:37 Installed HP Support Solutions Framework
07-12-2014 12:32:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A86CCFF-A8B0-4A87-8772-4D86899080EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {30268E0C-97D0-4E6B-BF07-72671B59E2FA} - System32\Tasks\HPCeeScheduleForjonathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {48DAFDA7-2230-408C-9284-21CCB5B9A5D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {4D13A6D9-A9A3-4458-B96E-F58135973325} - System32\Tasks\{7CD6B624-EA89-4E20-B8D5-FEB610F4CDAA} => C:\Games\World_of_Tanks\WoTLauncher.exe
Task: {69CCDF10-54E3-4511-93DA-0688208E8787} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {6B97E839-1E05-404D-A447-B118E521CE6B} - System32\Tasks\AdobeAAMUpdater-1.0-jonathan-HP-jonathan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {6BB08731-843B-4BA2-AF93-326EE4EFB00C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {8C2FDFD0-A904-4ADF-B1FA-B8A58A771DED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {900651A6-3A7B-40A2-9549-B014C9EB9858} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {90AAC942-8F0F-43AD-83FC-15C9E95DC9F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {989A3707-7D42-4AB9-A4DB-F06EEC97A1B9} - System32\Tasks\{855184D1-D157-407F-9351-B69A1EF26B9D} => C:\Games\World_of_Tanks\WoTLauncher.exe
Task: {AEBF4488-99B4-46E5-911A-EE3BAA38A9D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {B7C738C8-B96E-4BA9-830D-466B4E7A14B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjonathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-05-22 21:21 - 2013-05-22 21:21 - 00299832 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-08-07 23:02 - 2013-08-07 23:02 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2013-08-07 22:01 - 2013-08-07 22:01 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-05 19:35 - 2013-06-05 19:35 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-08 14:09 - 2013-07-26 06:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-09 19:11 - 2014-12-09 19:11 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: GamingMouse => C:\Program Files (x86)\Drakonia Configurator\hid.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RtsCM => RTSCM64.EXE
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-3450173882-3803936789-2498958683-500 - Administrator - Disabled)
Gast (S-1-5-21-3450173882-3803936789-2498958683-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450173882-3803936789-2498958683-1003 - Limited - Enabled)
jonathan (S-1-5-21-3450173882-3803936789-2498958683-1002 - Administrator - Enabled) => C:\Users\jonathan

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 09:33:12 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:32:12 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:31:11 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:30:10 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:29:09 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:28:09 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:27:08 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:26:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:25:06 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/09/2014 09:24:05 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (12/09/2014 09:09:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/09/2014 09:07:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (12/09/2014 09:07:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/09/2014 09:07:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (12/09/2014 09:07:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (12/09/2014 09:07:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\system32\athihvs.dll

Error: (12/09/2014 09:07:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\system32\athihvs.dll

Error: (12/09/2014 09:07:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\system32\athihvs.dll

Error: (12/09/2014 09:06:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Document Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/09/2014 09:06:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/09/2014 09:33:12 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:32:12 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:31:11 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:30:10 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:29:09 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:28:09 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:27:08 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:26:07 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:25:06 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/09/2014 09:24:05 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2014-11-29 16:48:00.290
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\CEA2.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:47:57.637
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\CEA2.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:42:08.726
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:42:06.149
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:37:34.520
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-29 16:37:30.586
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\332D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:37:03.837
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:37:02.355
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:36:58.673
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-28 19:36:57.098
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\471F.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 3977.11 MB
Available physical RAM: 1943.58 MB
Total Pagefile: 7954.22 MB
Available Pagefile: 4618.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.29 GB) (Free:323.51 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 206BA7A1)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================

mfg jonathan

schrauber 10.12.2014 19:00
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49775;https=127.0.0.1:49775

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

schojathan 11.12.2014 14:46
Liste der Anhänge anzeigen (Anzahl: 1)
Ich habe im Anhang einen Screenshot vom Programm(esetonlinecleaner)
Schon beim letzten mal ist er einfach bei 20% hängen geblieben...

schrauber 12.12.2014 10:14
Lass ESET weg und mach dafür einen Vollscan mit deinem AV Programm.

schojathan 13.12.2014 16:33
Vielen Dank für die Antwort!

Also, leider habe ich das Problem noch immer weil ich kann noch immer nicht z.B. Metro 2033 spielen(vorher auf ultra und jetzt ruckelt es auf mittel noch immer so das es unspielbar ist).
Auf Facebook spielt es die Videos ruckelnt ab so wie auf Youtube etc.

Hier das Check up
Code:
Results of screen317's Security Check version 0.99.91 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop                 
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Sophos Anti-Rootkit 1.5.0 
 Adobe Flash Player 15.0.0.246 
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Code:
dditional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by jonathan at 2014-12-13 16:02:29
Running from C:\Users\jonathan\Desktop\Anti-Rootkit\Log Datein\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{C4CB2534-82F4-F4AF-5767-9EE64EF9EB64}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1107 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1107 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by jonathan (administrator) on JONATHAN-HP on 13-12-2014 15:58:48
Running from C:\Users\jonathan\Desktop\Anti-Rootkit\Log Datein\FRST-OlderVersion
Loaded Profile: jonathan (Available profiles: jonathan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-08-16] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-08-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49775;https=127.0.0.1:49775
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Extension: Avira Browser Safety - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Adblock Plus - C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\RRhJxWYk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-29]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1415973513&from=cvs2&uid=TOSHIBAXMQ01ABF050_5482SHTSSXX5482SHTSS"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
CHR Extension: (YouTube) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google-Suche) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Tabellen) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Avira Browserschutz) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-04]
CHR Extension: (AdBlock) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Google Mail) - C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-07] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-07-15] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-07-15] (CyberLink)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-08-05] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [558392 2013-08-06] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-08-01] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-09] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-06-28] (Atheros)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
S3 MEMSWEEP2; C:\Windows\system32\CEA2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-07-16] (WinMagic Inc.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418520 2013-06-17] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-07-16] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-07-16] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-08-19] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 15:57 - 2014-12-13 15:57 - 00000917 _____ () C:\Users\jonathan\Desktop\checkup.txt
2014-12-13 14:17 - 2014-12-13 14:18 - 00001078 _____ () C:\Windows\system32dbgraw.bmp
2014-12-12 20:32 - 2014-12-13 14:28 - 00000000 ____D () C:\Users\jonathan\Desktop\DCIM
2014-12-11 19:22 - 2014-12-11 19:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-11 19:22 - 2014-12-11 19:22 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Skype
2014-12-11 19:22 - 2014-12-11 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-11 18:39 - 2014-12-13 14:56 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Skype
2014-12-10 19:14 - 2014-12-10 19:14 - 02347384 _____ (ESET) C:\Users\jonathan\Desktop\esetsmartinstaller_deu.exe
2014-12-10 19:14 - 2014-12-10 19:14 - 00852490 _____ () C:\Users\jonathan\Desktop\SecurityCheck.exe
2014-12-10 19:14 - 2014-12-10 19:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-09 20:37 - 2014-12-09 21:09 - 00000000 ____D () C:\AdwCleaner
2014-12-09 19:23 - 2014-12-09 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 19:23 - 2014-12-09 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 19:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-09 19:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-09 19:11 - 2014-12-09 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 15:04 - 2014-12-09 15:04 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-09 14:41 - 2014-12-09 14:41 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-09 14:40 - 2014-12-09 14:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-09 14:38 - 2014-12-09 14:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jonathan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-08 14:20 - 2014-12-13 14:56 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjonathan
2014-12-08 14:20 - 2014-12-13 14:56 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjonathan.job
2014-12-06 16:06 - 2014-12-09 14:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\Qoobox
2014-12-06 16:04 - 2014-12-06 16:04 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 16:03 - 2014-12-06 16:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-06 14:24 - 2014-12-06 14:29 - 130049328 _____ (Hewlett-Packard Company ) C:\Users\jonathan\Downloads\sp64284.exe
2014-12-06 14:19 - 2014-12-06 14:19 - 05152768 _____ () C:\Users\jonathan\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-12-01 22:03 - 2014-12-13 14:17 - 00003469 _____ () C:\Windows\setupact.log
2014-12-01 22:03 - 2014-12-01 22:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-01 21:10 - 2014-12-01 21:10 - 00000000 ____D () C:\ProgramData\TaskManager
2014-12-01 21:07 - 2014-12-01 21:07 - 01174352 _____ () C:\Users\jonathan\Downloads\Free Extended Task Manager - CHIP-Installer.exe
2014-12-01 21:02 - 2014-12-01 21:02 - 04036200 _____ (Piriform Ltd) C:\Users\jonathan\Downloads\ccsetup500_slim.exe
2014-12-01 21:01 - 2014-12-01 21:01 - 05249448 _____ (ParetoLogic Inc.) C:\Users\jonathan\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2014-12-01 20:21 - 2014-12-10 19:11 - 00000000 ____D () C:\Users\jonathan\Desktop\Anti-Rootkit
2014-11-30 11:49 - 2014-12-09 19:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 11:49 - 2014-11-30 11:49 - 00204496 _____ (Malwarebytes) C:\Users\jonathan\Downloads\startuplite-setup-1.07.exe
2014-11-30 11:46 - 2014-12-09 21:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 11:46 - 2014-12-09 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-30 11:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 11:42 - 2014-11-30 11:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\jonathan\Downloads\mbar-1.08.2.1001.exe
2014-11-29 16:47 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\CEA2.tmp
2014-11-29 16:37 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\332D.tmp
2014-11-28 15:37 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\471F.tmp
2014-11-28 15:27 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\7925.tmp
2014-11-28 14:42 - 2014-11-28 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-27 15:23 - 2014-11-27 15:24 - 00000000 ____D () C:\ProgramData\Sophos
2014-11-27 15:23 - 2014-11-27 15:23 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-27 15:10 - 2014-11-27 15:12 - 106741912 _____ (Sophos Limited) C:\Users\jonathan\Downloads\Sophos Virus Removal Tool.exe
2014-11-27 14:57 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\845B.tmp
2014-11-26 19:14 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\43C5.tmp
2014-11-26 18:58 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3C93.tmp
2014-11-26 18:56 - 2014-11-27 15:21 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-11-26 18:41 - 2014-11-26 18:42 - 01169232 _____ () C:\Users\jonathan\Downloads\Sophos Anti Rootkit - CHIP-Installer.exe
2014-11-26 17:44 - 2014-11-26 17:44 - 00002256 _____ () C:\Users\jonathan\Desktop\HP Support Assistant.lnk
2014-11-26 17:23 - 2014-11-26 17:23 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-11-26 15:14 - 2014-12-09 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-26 15:14 - 2014-11-26 15:14 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-26 15:14 - 2014-11-26 15:14 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-26 15:07 - 2014-11-26 15:08 - 00244392 _____ () C:\Users\jonathan\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieUserList
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieSiteList
2014-11-26 15:06 - 2014-11-26 15:06 - 00000000 __SHD () C:\Users\jonathan\AppData\Local\EmieBrowserModeList
2014-11-24 17:28 - 2014-11-24 17:28 - 00000863 _____ () C:\Users\Public\Desktop\Sirius MT2.lnk
2014-11-24 17:28 - 2014-11-24 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sirius MT2
2014-11-24 17:16 - 2014-11-26 15:34 - 00000000 ____D () C:\Program Files\Sirius MT2
2014-11-24 16:21 - 2014-11-24 16:21 - 00836112 _____ (SiriusMT2) C:\Users\jonathan\Downloads\sirius.20.13.rev.installer.exe
2014-11-24 16:18 - 2014-11-24 16:19 - 00836112 _____ (SiriusMT2) C:\Users\jonathan\Downloads\sirius.20.13.rev.installer (1).exe
2014-11-23 14:37 - 2014-11-23 14:37 - 00000000 ____D () C:\Users\jonathan\Downloads\ProcessExplorer
2014-11-23 14:34 - 2014-11-23 14:34 - 01188194 _____ () C:\Users\jonathan\Downloads\ProcessExplorer.zip
2014-11-23 14:23 - 2014-11-23 14:23 - 00380416 _____ () C:\Users\jonathan\Downloads\Gmer-19357.exe
2014-11-23 14:22 - 2014-12-13 15:59 - 00000000 ____D () C:\FRST
2014-11-23 14:21 - 2014-11-23 14:21 - 00000250 _____ () C:\Users\jonathan\Downloads\defogger_enable.log
2014-11-23 14:20 - 2014-11-23 14:21 - 00000478 _____ () C:\Users\jonathan\Downloads\defogger_disable.log
2014-11-23 14:19 - 2014-11-23 14:19 - 00050477 _____ () C:\Users\jonathan\Downloads\Defogger.exe
2014-11-21 18:38 - 2014-11-21 18:38 - 00007625 _____ () C:\Users\jonathan\AppData\Local\Resmon.ResmonCfg
2014-11-20 21:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-20 21:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-19 19:23 - 2014-11-19 19:23 - 08050514 _____ () C:\Users\jonathan\Downloads\TheMilkyWay.themepack
2014-11-19 19:22 - 2014-11-19 19:23 - 13034045 _____ () C:\Users\jonathan\Downloads\Footpaths.themepack
2014-11-19 18:57 - 2014-11-19 18:57 - 00581607 _____ () C:\Users\jonathan\Downloads\UKF Dubstep Dreamscene Part 1 (1).wmv
2014-11-19 18:41 - 2014-11-19 18:42 - 00581607 _____ () C:\Users\jonathan\Downloads\UKF Dubstep Dreamscene Part 1.wmv
2014-11-19 18:34 - 2014-11-19 18:34 - 00424812 _____ () C:\Users\jonathan\Downloads\W7DSA (2).zip
2014-11-19 18:29 - 2014-11-19 19:13 - 00008107 _____ () C:\Windows\w7dsd.reg
2014-11-19 18:29 - 2014-11-19 19:13 - 00008089 _____ () C:\Windows\w7dse.reg
2014-11-19 18:29 - 2014-11-19 18:29 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll
2014-11-19 15:18 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-19 15:18 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-19 15:18 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-19 15:18 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-19 15:18 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-19 15:18 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-19 15:18 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-19 15:18 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-19 15:18 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-19 15:18 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-19 15:18 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-19 15:18 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-19 15:18 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-19 15:18 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-19 15:18 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-19 15:18 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-19 15:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-19 15:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-19 15:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-19 15:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-19 15:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-19 15:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-19 15:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-19 15:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-19 15:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-19 15:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-19 15:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-19 15:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-19 15:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-19 15:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-19 15:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-19 15:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-19 15:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-19 15:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-19 15:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-19 15:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-19 15:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-19 15:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-19 15:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-19 15:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-19 15:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-19 15:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-19 15:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-19 15:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-19 15:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-19 15:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-19 15:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-19 15:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-19 15:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-19 15:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-19 15:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-19 15:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-19 15:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-19 15:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-19 15:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-19 15:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-19 15:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-19 15:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-19 15:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-19 15:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-19 15:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-19 15:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-19 15:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-19 15:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-19 15:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-19 15:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-19 15:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-19 15:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-19 15:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-19 15:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-19 15:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-19 15:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-19 15:07 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 15:07 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 15:07 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 15:07 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 15:07 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-19 15:07 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-19 15:07 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-19 15:07 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-19 15:07 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-19 15:07 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-19 15:07 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-19 15:07 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-19 15:07 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-19 15:07 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-19 15:07 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-19 15:07 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-19 15:07 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-19 15:07 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-19 15:07 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-19 15:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-19 15:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-19 15:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-19 15:07 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-19 15:07 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-19 15:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-19 15:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-19 15:07 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-19 15:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-19 15:06 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-19 15:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-19 15:03 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-19 15:03 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-19 15:03 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-19 15:03 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-19 14:47 - 2011-05-23 06:33 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-11-19 14:47 - 2011-05-23 06:32 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-11-19 14:44 - 2011-05-23 02:11 - 01527684 _____ () C:\Windows6.1-KB2555428-x64.msu
2014-11-19 14:43 - 2014-11-19 14:43 - 01656968 _____ () C:\Users\jonathan\Downloads\433314_intl_x64_zip.exe
2014-11-18 15:31 - 2014-11-18 15:31 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-13 14:48 - 2014-11-13 14:48 - 00018054 _____ () C:\Windows\unins000.dat
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\MingGuan
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia
2014-11-13 14:48 - 2014-11-13 14:48 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator
2014-11-13 14:48 - 2014-11-13 14:47 - 01192533 _____ () C:\Windows\unins000.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 16:01 - 2014-11-04 14:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 15:56 - 2014-11-03 15:33 - 00003772 _____ () C:\Windows\System32\Tasks\Registration
2014-12-13 15:33 - 2014-11-03 15:29 - 01125980 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 15:25 - 2014-03-18 20:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 14:26 - 2009-07-14 05:45 - 00037408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 14:26 - 2009-07-14 05:45 - 00037408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 14:18 - 2014-03-18 20:50 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-13 14:17 - 2014-11-04 14:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 14:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 20:02 - 2014-06-08 14:36 - 00700190 _____ () C:\Windows\system32\perfh007.dat
2014-12-12 20:02 - 2014-06-08 14:36 - 00149796 _____ () C:\Windows\system32\perfc007.dat
2014-12-12 20:02 - 2009-07-14 06:13 - 01621934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 20:01 - 2014-11-04 14:49 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Google
2014-12-12 18:44 - 2014-11-03 15:33 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5B3B4F1F-4406-4D27-9CB4-252D56545BE5}
2014-12-11 22:20 - 2014-11-04 15:53 - 00000000 ____D () C:\Users\jonathan\Desktop\Müll
2014-12-11 19:22 - 2014-06-08 14:16 - 00000000 ____D () C:\ProgramData\Skype
2014-12-10 19:12 - 2014-11-04 18:48 - 00000000 ____D () C:\Users\jonathan\AppData\Local\CrashDumps
2014-12-10 18:26 - 2014-03-18 20:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:26 - 2014-03-18 20:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 18:26 - 2014-03-18 20:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 21:08 - 2010-11-21 04:47 - 00298370 _____ () C:\Windows\PFRO.log
2014-12-09 14:50 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120914-58968-01.dmp
2014-12-09 14:42 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120914-63820-01.dmp
2014-12-06 16:24 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120614-20841-01.dmp
2014-12-06 16:06 - 2014-11-04 00:26 - 00320869 ____N () C:\Windows\Minidump\120614-21808-01.dmp
2014-12-06 14:45 - 2014-06-08 14:06 - 00001336 _____ () C:\Windows\Synaptics.log
2014-12-06 14:45 - 2014-06-08 13:58 - 00022684 _____ () C:\Windows\DPINST.LOG
2014-12-06 14:30 - 2011-02-11 17:32 - 00000000 ____D () C:\SWSETUP
2014-12-02 20:12 - 2014-11-05 17:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 21:44 - 2014-11-11 21:09 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-12-01 21:15 - 2014-11-04 16:19 - 00000000 ___DC () C:\Users\jonathan\AppData\Local\MigWiz
2014-12-01 21:15 - 2011-02-11 14:38 - 00000000 ____D () C:\Windows\Panther
2014-11-26 19:09 - 2014-03-18 20:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-26 19:08 - 2014-06-08 13:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-11-26 19:08 - 2014-03-18 20:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-11-26 18:56 - 2014-03-18 20:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-26 18:55 - 2014-11-04 21:00 - 00000000 ____D () C:\Users\jonathan\Documents\Garmin
2014-11-26 18:55 - 2014-11-04 20:58 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Garmin
2014-11-26 18:55 - 2014-11-04 20:57 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-26 18:54 - 2014-11-04 20:58 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Garmin
2014-11-26 18:54 - 2014-11-04 20:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-26 17:44 - 2014-03-18 20:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-26 17:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-11-26 17:33 - 2014-03-18 20:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-26 17:16 - 2014-03-18 20:49 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-26 17:13 - 2014-11-03 15:34 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\hpqLog
2014-11-26 15:00 - 2014-11-04 15:14 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Spotify
2014-11-26 14:59 - 2014-11-04 15:18 - 00000000 ____D () C:\Users\jonathan\AppData\Local\Spotify
2014-11-26 14:41 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
2014-11-26 14:30 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
2014-11-25 14:29 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003
2014-11-24 16:06 - 2014-11-04 21:42 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\vlc
2014-11-24 14:32 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.004
2014-11-23 14:21 - 2014-11-03 15:32 - 00000000 ____D () C:\Users\jonathan
2014-11-23 13:46 - 2014-06-08 14:32 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.005
2014-11-21 20:14 - 2014-11-03 15:33 - 00001444 _____ () C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 01:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-20 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-19 18:50 - 2014-11-11 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-19 18:50 - 2014-11-11 18:50 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-19 18:49 - 2014-11-11 18:50 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-11-19 18:49 - 2014-11-09 16:05 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\DVDVideoSoft
2014-11-19 17:41 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 17:40 - 2009-07-14 05:45 - 04831000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 17:37 - 2014-11-04 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-19 15:15 - 2014-11-05 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-19 15:10 - 2014-11-05 22:01 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-15 16:56 - 2014-11-04 14:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 16:56 - 2014-11-04 14:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:33 - 2014-11-03 15:34 - 00000000 ____D () C:\Users\jonathan\AppData\Roaming\Hewlett-Packard

Some content of TEMP:
====================
C:\Users\jonathan\AppData\Local\Temp\avgnt.exe
C:\Users\jonathan\AppData\Local\Temp\Quarantine.exe
C:\Users\jonathan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jonathan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jonathan\AppData\Local\Temp\sp64126.exe
C:\Users\jonathan\AppData\Local\Temp\sqlite3.dll
C:\Users\jonathan\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 21:01

==================== End Of Log ============================
--- --- ---



Wünsche noch ein schönes Wochenende!

schrauber 14.12.2014 11:29
Was isn Metro?
Browser Spiel oder Offline?


Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Ebenso die Hardwarebeschleunigung in FF abschalten.

schojathan 14.12.2014 14:53
Hi danke für die Antwort.

Metro ist ein Offline Spiel.
Und am Browser liegt es sicher nicht da es bei Internet explorer, google chrome etc. überall das selbe ist.
Habe echt keinen Plan an was das liegen kann.
Ich gehe mal davon aus das es nicht am Laptop liegt da ich zB Metro am Anfang problemlos spielen konnte.

Lg


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:54 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24