Hallo Ihr Experten an der Computerfront!

Danke erst einmal für eure Mühe!
Ich glaube ich habe mir im Copyshop um die Ecke irgendwas fieses eingefangen. Nun möchte ich den PC neu aufsetzen, würde zuvor aber gerne damit meine externen Festplatten nicht auch noch betroffen sind, die Angreifer gerne vom PC entfernen.

Wie in den Regeln zum Eröffnen eines Themas beschrieben hier mein Problem:

Jedes mal wenn ich meinen USB Stick an den PC stecke und Daten auf diesen Kopieren möchte, so werden auf dem Medium nur Verknüpfungen der Dateien sowie die Verknüpfung "System Volume Information" angezeigt.
Auch ein anzeigen versteckter Dateien im System wie teilweise in anderen Themen beschrieben brachte keinen Erfolg. Teilweise bleiben die Daten sichtbar, teilweise verschwinden sie aber auch.


Anbei die entsprechenden Logfiles.
Meinen Namen habe ich wie beschrieben durch **** ersetzt.

Bei der Erstellung des Logfiles durch frst64.exe, wurde der scan zwar durchgeführt er hat ganz am Anfang jedoch folgende Mitteilung ausgespuckt: " C:\WINDOWS\system32\config\system Der Prozess kann nicht auf die Datei zugreifen da sie von einem Prozess verwendet wird."

Dabei habe ich mich genau an die Anleitung gehalten und alle Programme zuvor beendet.

Ich danke euch riesig und meine Studienarbeit würde sich auch freuen!

Liebe Grüße


defogger_disable.log

Code: Alles auswählenAufklappen

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 09/03/2015 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST.log

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by **** (administrator) on JUSTUSHOFFMANN on 09-03-2015 12:25:52
Running from C:\Users\****\Desktop\Virus
Loaded Profiles: **** (Available profiles: **** & Andrea & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
() C:\Windows\SysWOW64\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Martin Klinzmann) C:\Users\****\Desktop\LicenseCrawler\LicenseCrawler.exe
(Martin Klinzmann) C:\Users\****\Desktop\LicenseCrawler\LicenseCrawler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\SysWOW64\DptfPolicyLpmServiceHelper.exe [13824 2012-02-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-17] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> {28684E8B-8FB1-4DE8-A201-BC65A5751191} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=35025C00-9B86-4F41-8DE4-7FBA746076A1&apn_sauid=CD45874C-A6D3-4477-A1EF-B0C407F5B97A
SearchScopes: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll [2007-05-17] (Mindjet)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-10-06] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hcof00pn.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283723822-742349386-183045315-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-02]
FF HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Logitech SetPoint) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-02-15]
CHR Extension: (Isoball 3) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2013-10-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-05]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Citavi Picker) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-04-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-10] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 DptfPolicyCriticalService; C:\Windows\SysWOW64\DptfPolicyCriticalService.exe [19456 2012-02-20] ()
S2 DptfPolicyLpmService; C:\Windows\SysWOW64\DptfPolicyLpmService.exe [24576 2012-02-20] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\****\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [669400 2015-02-13] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-07] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150308.001\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150308.001\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2015-01-28] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 12:25 - 2015-03-09 12:26 - 00000000 ____D () C:\FRST
2015-03-09 12:23 - 2015-03-09 12:25 - 00000000 ____D () C:\Users\****\Desktop\Virus
2015-03-09 12:23 - 2015-03-09 12:23 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-03-09 12:20 - 2015-03-09 12:21 - 11587952 _____ (McAfee Inc) C:\Users\****\Desktop\stinger32.exe
2015-03-09 12:18 - 2015-03-09 12:19 - 00000000 ____D () C:\Users\****\Desktop\LicenseCrawler
2015-03-09 12:17 - 2015-03-09 12:17 - 01393511 _____ () C:\Users\****\Desktop\licensecrawler_1.43.732.zip
2015-03-07 19:12 - 2015-03-07 19:12 - 00698568 _____ () C:\Users\****\Desktop\handyhuelle_oettinger.jpg.zip
2015-03-04 22:27 - 2015-03-08 17:11 - 00000000 ____D () C:\Users\****\Desktop\Studienarbeit
2015-03-04 10:13 - 2015-03-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-03-04 10:13 - 2015-01-28 20:49 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2015-03-04 10:04 - 2015-03-04 10:07 - 03345776 _____ (Cisco Systems, Inc.) C:\Users\****\Desktop\anyconnect-win-3.1.06079-web-deploy-k9.exe
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:18 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 03:41 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 03:41 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-16 09:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-16 09:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-16 09:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-16 09:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-16 09:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-16 09:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-16 09:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-16 09:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-16 09:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-16 09:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-16 09:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-16 09:24 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-16 09:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-16 09:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-16 09:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-16 09:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-16 09:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-16 09:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-16 09:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-16 09:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-16 09:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-16 09:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-16 09:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-16 09:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-16 09:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-16 09:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-16 09:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-16 09:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-16 09:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-16 09:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-16 09:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 12:23 - 2013-11-07 04:18 - 00000000 ____D () C:\Users\****
2015-03-09 12:17 - 2012-10-03 16:18 - 00000000 ____D () C:\Users\****\Documents\Outlook-Dateien
2015-03-09 12:06 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\****\Documents\Citavi 4
2015-03-09 12:01 - 2013-03-20 13:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-09 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-09 12:00 - 2012-02-24 03:29 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 12:00 - 2012-02-24 03:29 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 11:59 - 2013-11-07 04:23 - 02092683 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-09 11:41 - 2012-10-03 15:32 - 00000000 ___RD () C:\Users\****\Dropbox
2015-03-09 11:01 - 2013-09-30 05:14 - 02072588 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-09 11:01 - 2013-09-30 04:56 - 00889374 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-09 11:01 - 2013-09-30 04:56 - 00205446 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-09 10:59 - 2014-02-15 05:49 - 00000000 ____D () C:\Users\****\AppData\Local\769A133B-0AED-452E-A98A-A2C94FEF5322.aplzod
2015-03-08 17:02 - 2013-11-06 22:08 - 01165312 ___SH () C:\Users\****\Desktop\Thumbs.db
2015-03-08 16:41 - 2012-12-02 23:43 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2015-03-07 17:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-07 13:38 - 2012-10-16 00:46 - 00003994 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{579749A9-A7ED-4DBF-B3BE-1B7363949C56}
2015-03-05 14:45 - 2013-11-06 22:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2283723822-742349386-183045315-1001
2015-03-04 22:27 - 2013-08-22 15:46 - 00339736 _____ () C:\WINDOWS\setupact.log
2015-03-04 20:02 - 2013-11-07 08:40 - 00000000 __RDO () C:\Users\****\SkyDrive
2015-03-04 20:02 - 2013-11-07 01:00 - 00000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2015-03-04 20:02 - 2012-10-03 15:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox
2015-03-04 20:01 - 2013-09-29 20:04 - 00218246 _____ () C:\WINDOWS\PFRO.log
2015-03-04 20:01 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 10:13 - 2013-11-24 16:20 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-04 10:13 - 2013-11-06 23:43 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-04 10:12 - 2012-10-03 16:24 - 00000000 ____D () C:\Users\****\Desktop\Programme
2015-03-04 10:11 - 2014-12-04 20:56 - 00000000 ____D () C:\Users\****\Desktop\Schwerpunkt
2015-03-04 09:55 - 2012-10-17 17:52 - 00000000 ____D () C:\Users\****\Documents\Corps
2015-03-04 09:55 - 2012-10-03 16:20 - 00000000 ____D () C:\Users\****\Documents\Uni
2015-03-02 13:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-02 13:33 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 13:21 - 2012-10-03 16:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Swiss Academic Software
2015-02-25 13:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-21 00:48 - 2012-10-03 15:32 - 00001107 _____ () C:\Users\****\Desktop\Dropbox.lnk
2015-02-21 00:48 - 2012-10-03 15:31 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-20 11:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-20 10:10 - 2013-08-22 15:44 - 00479376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 10:08 - 2012-10-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 10:08 - 2009-07-14 03:34 - 00000545 _____ () C:\WINDOWS\win.ini
2015-02-16 09:28 - 2013-07-25 10:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-16 09:24 - 2012-10-03 16:28 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 11:55 - 2012-02-24 03:29 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 11:55 - 2012-02-24 03:29 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-11-07 08:42 - 2013-11-07 08:42 - 0000021 _____ () C:\Users\****\AppData\Roaming\my_intel.sys
2013-11-07 01:00 - 2015-03-04 20:02 - 0000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2014-08-05 02:05 - 2014-08-05 02:05 - 0002203 _____ () C:\Users\****\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-11-07 01:36 - 2013-11-07 01:38 - 0037795 _____ () C:\Users\****\AppData\Local\WiDiSetupLog.20131107.013659.wdl
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-10-05 14:19 - 2013-11-14 20:12 - 0003349 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpenflld.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 21:18

==================== End Of Log ============================
         

--- --- ---



GMER.txt

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-09 12:42:48
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ADATA_XM rev.5.0. 238,47GB
Running: s5ezzdql.exe; Driver: C:\Users\JUSTUS~1\AppData\Local\Temp\awtdapob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                                               fffff960001fb200 15 bytes [00, 65, F4, 01, 80, 7D, 6A, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17                                                                                                                                                                                                                          fffff960001fb211 10 bytes [F3, FB, FF, 00, 17, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\WLANExt.exe[1364] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                                  00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1364] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                                  00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1364] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                                     00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1364] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                                     00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1524] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                                  00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1524] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                                  00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1524] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                                     00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1524] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                                     00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1108] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                       00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1108] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                       00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1108] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                          00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1108] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                          00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2544] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                   00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2544] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                   00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2544] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                      00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2544] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                      00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                            00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                            00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                               00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                               00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2800] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2800] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2800] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                   00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2800] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                   00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\Windows\system32\EscSvc64.exe[2840] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                                 00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\Windows\system32\EscSvc64.exe[2840] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                                 00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\Windows\system32\EscSvc64.exe[2840] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                                    00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\Windows\system32\EscSvc64.exe[2840] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                                    00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                            00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                            00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                               00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                               00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\Explorer.EXE[4176] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                                          00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\Explorer.EXE[4176] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                                          00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\Explorer.EXE[4176] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                                             00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\Explorer.EXE[4176] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                                             00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]
.text    C:\WINDOWS\Explorer.EXE[4176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                                                                                                                00007ff89aad1f6a 4 bytes [AD, 9A, F8, 7F]
.text    C:\WINDOWS\Explorer.EXE[4176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                                                                                                                00007ff89aad1f82 4 bytes [AD, 9A, F8, 7F]
.text    C:\Program Files\Logitech\SetPointP\SetPoint.exe[6096] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                 00007ff8a2e6169a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Logitech\SetPointP\SetPoint.exe[6096] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                 00007ff8a2e616a2 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Logitech\SetPointP\SetPoint.exe[6096] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                    00007ff8a2e6181a 4 bytes [E6, A2, F8, 7F]
.text    C:\Program Files\Logitech\SetPointP\SetPoint.exe[6096] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                    00007ff8a2e61832 4 bytes [E6, A2, F8, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [660:684]                                                                                                                                                                                                                                       fffff96000874b90
---- Processes - GMER 2.1 ----

Library  c:\users\justus~1\appdata\local\temp\7zs6fc2\hpslpsvc64.dll (*** suspicious ***) @ C:\WINDOWS\system32\svchost.exe [3644] (HP Network Devices Support/Hewlett-Packard Co.)(2013-11-11 08:28:27)                                                                               0000000180000000
Process  C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (FILE NOT FOUND)                                                                                              0000000000400000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28)        00000000654a0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000065190000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)           0000000064860000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416](2015-02-10 21:00:30)                                                                                        0000000067fe0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004a900000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30)                                                         00000000041f0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004ad00000
Library  c:\users\justus~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpenflld.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416](2015-03-04 19:02:44)                                              0000000003d40000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)        0000000067ba0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)         0000000065df0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)          0000000067980000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000067720000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            00000000680c0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416](2015-02-10 21:00:30)                                                                                           00000000680b0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)  00000000676f0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)         00000000676b0000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)   0000000067660000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416](2015-02-10 21:00:28)                                                                       0000000067580000
Library  C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6416](2015-02-10 21:00:28)                                                                       0000000067540000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                                         unknown MBR code

---- EOF - GMER 2.1 ----
         

HI,

Addition.txt von FRST bitte noch posten.

Oh, wohl übersehen! Danke

Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by ***** at 2015-03-09 12:27:52
Running from C:\Users\*****\Desktop\Virus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.3 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS PWR Option (HKLM-x32\...\{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}) (Version: 1.2.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.4 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.2.0 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0 - ASIX Electronics Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06079 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06079 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2510 Series Printer Uninstall (HKLM\...\EPSON WF-2510 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Dynamic Platform & Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.1.1067 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{BE7E45FA-7F97-4155-87CF-2DEA398995DA}) (Version: 4.2.21.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.50 (HKLM\...\sp6) (Version: 6.50.152 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager Pro 7 (HKLM-x32\...\{3CDFEE23-66D2-4DB0-8269-12634E871725}) (Version: 7.0.429 - Mindjet LLC)
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 7.0 - Heiko Schröder)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PDF-XChange 3 (HKLM-x32\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
PS_AIO_04_C5300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.31 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-02-2015 10:07:11 Windows Update
24-02-2015 12:18:15 Windows Update
04-03-2015 10:12:36 Installed Cisco AnyConnect Secure Mobility Client

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0824384A-6E02-4601-9650-D83C1EB8C205} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {118314BB-772D-4B9C-8430-8FFEE872FB3C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {11E2634C-A98E-419D-B2A1-26B51596D6E5} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-02-13] ()
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {20716D4A-7F53-4BCC-A396-90A79DBC0493} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2A12FA94-AE78-4CE3-BCAB-CA6A4798002A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {480307B7-D62C-40B4-AC2B-958F633F286F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {56A5C30C-CC9F-40CE-8C9A-A4D7C1696920} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6913925B-8807-4944-9DC4-D2106FAF17F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {81443F6F-8608-4F5F-9746-49BD355F1F44} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {8687A636-6CDE-4487-A3BA-E2518973B7CC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {8BBF993A-7ACF-4CD2-84BA-1E8BC24671C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {9FC31335-F46F-48D5-87F9-A1A2E33222C1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AE1822A9-629F-44BA-9C16-D1B008EE3111} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B1417ABA-38A5-4959-9D99-9958D486088B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-16] (Microsoft Corporation)
Task: {B7874F98-7A73-4D9D-B14B-1FEAB9D5BAB6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C0804079-4CDF-45AB-B431-AAA2FD56F1C8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CC4FC069-845E-4644-BE5E-360DE6B864A3} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-06-29] (ASUSTeK Computer Inc.)
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EA49544F-8E18-47FB-85D3-2FD3C8A971D5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-02-13] ()
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F3BBF756-D937-4E6C-84DA-87C055AF2E05} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F4B55B2F-BFE3-478B-A5C0-97DDC4A506EF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FCAB4EAD-2FA5-48CB-88C3-AEAED4EF25CD} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-26 17:51 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2013-01-26 17:51 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2012-07-30 03:50 - 2012-02-20 04:31 - 00018944 _____ () C:\WINDOWS\SysWOW64\DptfParticipantProcessorService.exe
2012-07-30 03:50 - 2012-02-20 04:31 - 00019968 _____ () C:\WINDOWS\SysWOW64\DptfPolicyConfigTDPService.exe
2012-07-30 03:50 - 2012-02-20 04:31 - 00019456 _____ () C:\WINDOWS\SysWOW64\DptfPolicyCriticalService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll
2012-10-06 09:15 - 2012-10-06 09:15 - 01976632 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-10-06 09:14 - 2012-10-06 09:14 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2015-01-28 21:08 - 2015-01-28 21:08 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 17:25 - 2012-01-31 17:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 20:02 - 2015-03-04 20:02 - 00043008 _____ () c:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpenflld.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2007-05-17 23:05 - 2007-05-17 23:05 - 00116240 ____R () C:\Program Files (x86)\Mindjet\MindManager 7\zlib.dll
2012-09-08 22:57 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\*****\Documents\duschkabine.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\*****\Documents\duschkabine.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\*****\Documents\duschkabine2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\*****\Documents\duschkabine2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.188.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2283723822-742349386-183045315-500 - Administrator - Disabled)
Andrea (S-1-5-21-2283723822-742349386-183045315-1007 - Limited - Enabled) => C:\Users\Andrea
Gast (S-1-5-21-2283723822-742349386-183045315-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2283723822-742349386-183045315-1006 - Limited - Enabled)
***** (S-1-5-21-2283723822-742349386-183045315-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 11:34:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 707641

Error: (03/09/2015 11:34:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 707641

Error: (03/09/2015 11:34:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (03/09/2015 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188

Error: (03/09/2015 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 11:22:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: smartlogon.exe, Version: 1.0.14.4, Zeitstempel: 0x4f41f50c
Name des fehlerhaften Moduls: smartlogon.exe, Version: 1.0.14.4, Zeitstempel: 0x4f41f50c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00008a8e
ID des fehlerhaften Prozesses: 0x23ac
Startzeit der fehlerhaften Anwendung: 0xsmartlogon.exe0
Pfad der fehlerhaften Anwendung: smartlogon.exe1
Pfad des fehlerhaften Moduls: smartlogon.exe2
Berichtskennung: smartlogon.exe3
Vollständiger Name des fehlerhaften Pakets: smartlogon.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: smartlogon.exe5

Error: (03/08/2015 05:16:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (03/08/2015 05:16:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (03/08/2015 05:16:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/09/2015 00:29:56 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:29:25 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:28:54 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:28:24 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:27:53 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:27:22 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:26:51 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:26:21 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:25:50 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe

Error: (03/09/2015 00:25:19 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    29f4C:\Windows\System32\wscript.exe


Microsoft Office Sessions:
=========================
Error: (03/09/2015 11:34:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 707641

Error: (03/09/2015 11:34:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 707641

Error: (03/09/2015 11:34:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188

Error: (03/09/2015 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188

Error: (03/09/2015 11:22:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 11:22:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: smartlogon.exe1.0.14.44f41f50csmartlogon.exe1.0.14.44f41f50cc000000500008a8e23ac01d05a52eedcba84C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exeC:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe2e74a531-c646-11e4-bec4-c48508316da6

Error: (03/08/2015 05:16:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (03/08/2015 05:16:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (03/08/2015 05:16:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-02-20 10:27:13.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:13.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:13.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:12.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:12.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:12.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:10.041
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:09.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:23:01.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:23:01.301
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 75%
Total physical RAM: 3981.72 MB
Available physical RAM: 973.29 MB
Total Pagefile: 8077.72 MB
Available Pagefile: 4255.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:102.2 GB) (Free:18.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:121.61 GB) (Free:117.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C14CBD8D)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

USB Stick anklemmen, nicht mehr abklemmen.


Panda USB Vaccine

Bitte lade Dir von hier Panda USB Vaccine herunter.

• Starte und installiere es.
  
• Impfe Deinen PC
  

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Super Danke dir bereits im Voraus!


Hier die Logfiles:

FRST.txt

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by **** (administrator) on **** on 10-03-2015 01:01:04
Running from C:\Users\****\Desktop\Virus
Loaded Profiles: **** (Available profiles: **** & Andrea & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
() C:\Windows\SysWOW64\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\SysWOW64\DptfPolicyLpmServiceHelper.exe [13824 2012-02-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-17] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll [2007-05-17] (Mindjet)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-10-06] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hcof00pn.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283723822-742349386-183045315-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-02]
FF HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Logitech SetPoint) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-02-15]
CHR Extension: (Isoball 3) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2013-10-13]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Citavi Picker) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-04-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-10] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 DptfPolicyCriticalService; C:\Windows\SysWOW64\DptfPolicyCriticalService.exe [19456 2012-02-20] ()
S2 DptfPolicyLpmService; C:\Windows\SysWOW64\DptfPolicyLpmService.exe [24576 2012-02-20] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\****\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [669400 2015-02-13] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-07] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150308.001\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150308.001\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2015-01-28] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 01:00 - 2015-03-10 01:00 - 00001120 _____ () C:\Users\****\Desktop\JRT.txt
2015-03-10 00:55 - 2015-03-10 00:55 - 01388333 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2015-03-10 00:47 - 2015-03-10 00:50 - 00000000 ____D () C:\AdwCleaner
2015-03-09 23:38 - 2015-03-10 00:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 23:38 - 2015-03-09 23:38 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-09 23:37 - 2015-03-09 23:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-09 23:37 - 2015-03-09 23:37 - 02171392 _____ () C:\Users\****\Desktop\AdwCleaner_4.112.exe
2015-03-09 23:36 - 2015-03-09 23:36 - 00848856 _____ (Panda Security ) C:\Users\****\Desktop\USBVaccineSetup.exe
2015-03-09 23:36 - 2015-03-09 23:36 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2015-03-09 13:56 - 2015-03-09 13:56 - 01483336 _____ (Microsoft Corporation) C:\Users\****\Desktop\mediacreationtool.exe
2015-03-09 12:31 - 2015-03-09 12:34 - 00000891 _____ () C:\Users\****\Desktop\Neues Textdokument.txt
2015-03-09 12:29 - 2015-03-09 12:29 - 00002530 _____ () C:\Users\****\Desktop\Lizenzen.txt
2015-03-09 12:28 - 2015-03-09 12:28 - 00380416 _____ () C:\Users\****\Desktop\s5ezzdql.exe
2015-03-09 12:25 - 2015-03-10 01:01 - 00000000 ____D () C:\FRST
2015-03-09 12:23 - 2015-03-10 01:01 - 00000000 ____D () C:\Users\****\Desktop\Virus
2015-03-09 12:23 - 2015-03-09 12:23 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-03-09 12:20 - 2015-03-09 12:21 - 11587952 _____ (McAfee Inc) C:\Users\****\Desktop\stinger32.exe
2015-03-09 12:18 - 2015-03-09 12:19 - 00000000 ____D () C:\Users\****\Desktop\LicenseCrawler
2015-03-09 12:17 - 2015-03-09 12:17 - 01393511 _____ () C:\Users\****\Desktop\licensecrawler_1.43.732.zip
2015-03-04 22:27 - 2015-03-08 17:11 - 00000000 ____D () C:\Users\****\Desktop\Studienarbeit
2015-03-04 10:13 - 2015-03-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-03-04 10:13 - 2015-01-28 20:49 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:18 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 03:41 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 03:41 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-16 09:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-16 09:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-16 09:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-16 09:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-16 09:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-16 09:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-16 09:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-16 09:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-16 09:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-16 09:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-16 09:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-16 09:24 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-16 09:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-16 09:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-16 09:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-16 09:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-16 09:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-16 09:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-16 09:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-16 09:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-16 09:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-16 09:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-16 09:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-16 09:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-16 09:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-16 09:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-16 09:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-16 09:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-16 09:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-16 09:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-16 09:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 01:01 - 2013-03-20 13:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-10 01:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-10 01:00 - 2012-02-24 03:29 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 00:56 - 2013-09-30 05:14 - 02072588 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 00:56 - 2013-09-30 04:56 - 00889374 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-10 00:56 - 2013-09-30 04:56 - 00205446 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-10 00:54 - 2013-11-06 11:51 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2015-03-10 00:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-10 00:54 - 2012-12-02 23:43 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2015-03-10 00:53 - 2012-10-03 15:32 - 00000000 ___RD () C:\Users\****\Dropbox
2015-03-10 00:53 - 2012-10-03 15:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox
2015-03-10 00:52 - 2013-11-07 08:40 - 00000000 __RDO () C:\Users\****\SkyDrive
2015-03-10 00:52 - 2013-11-07 01:00 - 00000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2015-03-10 00:52 - 2012-02-24 03:29 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 00:51 - 2013-09-29 20:04 - 00220874 _____ () C:\WINDOWS\PFRO.log
2015-03-10 00:51 - 2013-08-22 15:46 - 00339813 _____ () C:\WINDOWS\setupact.log
2015-03-10 00:51 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-10 00:51 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-10 00:46 - 2012-10-03 16:18 - 00000000 ____D () C:\Users\****\Documents\Outlook-Dateien
2015-03-09 23:54 - 2013-11-07 04:23 - 01202574 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-09 23:54 - 2013-11-06 22:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2283723822-742349386-183045315-1001
2015-03-09 23:35 - 2014-02-15 05:49 - 00000000 ____D () C:\Users\****\AppData\Local\769A133B-0AED-452E-A98A-A2C94FEF5322.aplzod
2015-03-09 14:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-09 13:56 - 2012-12-15 13:27 - 00000000 __RHD () C:\ESD
2015-03-09 13:55 - 2012-10-16 00:46 - 00003994 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{579749A9-A7ED-4DBF-B3BE-1B7363949C56}
2015-03-09 13:53 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\****\Documents\Citavi 4
2015-03-09 13:53 - 2013-11-07 04:18 - 00000000 ____D () C:\Users\****
2015-03-09 13:52 - 2012-10-17 17:52 - 00000000 ____D () C:\Users\****\Documents\Corps
2015-03-09 13:22 - 2012-10-03 16:20 - 00000000 ____D () C:\Users\****\Documents\Uni
2015-03-08 17:02 - 2013-11-06 22:08 - 01165312 ___SH () C:\Users\****\Desktop\Thumbs.db
2015-03-07 17:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-04 10:13 - 2013-11-24 16:20 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-04 10:13 - 2013-11-06 23:43 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-04 10:12 - 2012-10-03 16:24 - 00000000 ____D () C:\Users\****\Desktop\Programme
2015-03-04 10:11 - 2014-12-04 20:56 - 00000000 ____D () C:\Users\****\Desktop\Schwerpunkt
2015-03-02 13:21 - 2012-10-03 16:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Swiss Academic Software
2015-02-25 13:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-21 00:48 - 2012-10-03 15:32 - 00001107 _____ () C:\Users\****\Desktop\Dropbox.lnk
2015-02-21 00:48 - 2012-10-03 15:31 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-20 11:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-20 10:10 - 2013-08-22 15:44 - 00479376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 10:08 - 2012-10-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 10:08 - 2009-07-14 03:34 - 00000545 _____ () C:\WINDOWS\win.ini
2015-02-16 09:28 - 2013-07-25 10:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-16 09:24 - 2012-10-03 16:28 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 11:55 - 2012-02-24 03:29 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 11:55 - 2012-02-24 03:29 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-11-07 08:42 - 2013-11-07 08:42 - 0000021 _____ () C:\Users\****\AppData\Roaming\my_intel.sys
2013-11-07 01:00 - 2015-03-10 00:52 - 0000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2014-08-05 02:05 - 2014-08-05 02:05 - 0002203 _____ () C:\Users\****\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-11-07 01:36 - 2013-11-07 01:38 - 0037795 _____ () C:\Users\****\AppData\Local\WiDiSetupLog.20131107.013659.wdl
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-10-05 14:19 - 2013-11-14 20:12 - 0003349 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmrte2.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 21:18

==================== End Of Log ============================
         

--- --- ---



JRT.txt

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by **** on 10.03.2015 at  0:55:40,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{74B5754B-6441-41FD-93F7-FD93D702156C}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{9A347B3E-2EBD-4058-A9D3-456CC1AE830B}
Successfully deleted: [Empty Folder] C:\Users\****\appdata\local\{A50460B5-DEB3-46DF-99DF-BE3A9B6B9DD2}



~~~ FireFox

Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\hcof00pn.default\minidumps [34 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.03.2015 at  1:00:11,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

mbam.txt

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.03.2015
Scan Time: 23:46:11
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.09.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: ****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 480808
Time Elapsed: 7 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

AdwCleaner[S0].txt

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.112 - Bericht erstellt 10/03/2015 um 00:50:53
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : **** - ****
# Gestarted von : C:\Users\****\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Ordner Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{28684E8B-8FB1-4DE8-A201-BC65A5751191}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.loc;*.lo

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v29.0.1 (de)

[hcof00pn.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [2542 Bytes] - [10/03/2015 00:47:46]
AdwCleaner[S0].txt - [2105 Bytes] - [10/03/2015 00:50:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2164  Bytes] ##########
         

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Moin Moin, Danke erst einmal für deine Hilfe

Das Problem liegt allerdings immer noch vor.
Kopiere Datei auf den gerade erst formatierten USB-Stick und die Datei erscheint auf dem Stick zusammen mit seiner Verknüpfung sowie der Verknüpfung mit dem Namen "System Volume Informaton".

Liegt es vielleicht daran, dass der securitycheck nicht funktionierte??

die log.txt von ESET

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=baf9460723b20740a3877d778023e657
# engine=22845
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-10 11:08:59
# local_time=2015-03-11 12:08:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 2712 176691435 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9447764 50910232 0 0
# scanned=234933
# found=0
# cleaned=0
# scan_time=2475
         

der Security Check sagte nur folgendes:

Code: Alles auswählenAufklappen

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         

und hier der frische FRST


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by **** (administrator) on **** on 11-03-2015 00:19:22
Running from C:\Users\****\Desktop\Virus
Loaded Profiles: **** (Available profiles: **** & Andrea & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
() C:\Windows\SysWOW64\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\SysWOW64\DptfPolicyLpmServiceHelper.exe [13824 2012-02-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-17] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll [2007-05-17] (Mindjet)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-10-06] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hcof00pn.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283723822-742349386-183045315-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-02]
FF HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Logitech SetPoint) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-02-15]
CHR Extension: (Isoball 3) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2013-10-13]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Citavi Picker) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-04-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-10] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 DptfPolicyCriticalService; C:\Windows\SysWOW64\DptfPolicyCriticalService.exe [19456 2012-02-20] ()
S2 DptfPolicyLpmService; C:\Windows\SysWOW64\DptfPolicyLpmService.exe [24576 2012-02-20] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\****\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150308.003\IDSvia64.sys [669400 2015-02-13] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-07] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150310.003\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150310.003\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2015-01-28] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 23:22 - 2015-03-10 23:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-10 01:00 - 2015-03-10 01:00 - 00001120 _____ () C:\Users\****\Desktop\JRT.txt
2015-03-10 00:55 - 2015-03-10 00:55 - 01388333 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2015-03-10 00:47 - 2015-03-10 00:50 - 00000000 ____D () C:\AdwCleaner
2015-03-09 23:38 - 2015-03-10 11:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 23:38 - 2015-03-09 23:38 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-09 23:37 - 2015-03-09 23:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-09 23:37 - 2015-03-09 23:37 - 02171392 _____ () C:\Users\****\Desktop\AdwCleaner_4.112.exe
2015-03-09 23:36 - 2015-03-09 23:36 - 00848856 _____ (Panda Security ) C:\Users\****\Desktop\USBVaccineSetup.exe
2015-03-09 23:36 - 2015-03-09 23:36 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2015-03-09 13:56 - 2015-03-09 13:56 - 01483336 _____ (Microsoft Corporation) C:\Users\****\Desktop\mediacreationtool.exe
2015-03-09 12:31 - 2015-03-09 12:34 - 00000891 _____ () C:\Users\****\Desktop\Neues Textdokument.txt
2015-03-09 12:29 - 2015-03-09 12:29 - 00002530 _____ () C:\Users\****\Desktop\Lizenzen.txt
2015-03-09 12:28 - 2015-03-09 12:28 - 00380416 _____ () C:\Users\****\Desktop\s5ezzdql.exe
2015-03-09 12:25 - 2015-03-11 00:19 - 00000000 ____D () C:\FRST
2015-03-09 12:23 - 2015-03-11 00:19 - 00000000 ____D () C:\Users\****\Desktop\Virus
2015-03-09 12:23 - 2015-03-09 12:23 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-03-09 12:20 - 2015-03-09 12:21 - 11587952 _____ (McAfee Inc) C:\Users\****\Desktop\stinger32.exe
2015-03-09 12:18 - 2015-03-09 12:19 - 00000000 ____D () C:\Users\****\Desktop\LicenseCrawler
2015-03-09 12:17 - 2015-03-09 12:17 - 01393511 _____ () C:\Users\****\Desktop\licensecrawler_1.43.732.zip
2015-03-04 22:27 - 2015-03-08 17:11 - 00000000 ____D () C:\Users\****\Desktop\Studienarbeit
2015-03-04 10:13 - 2015-03-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-03-04 10:13 - 2015-01-28 20:49 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:18 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 03:41 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 03:41 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-16 09:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-16 09:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-16 09:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-16 09:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-16 09:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-16 09:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-16 09:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-16 09:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-16 09:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-16 09:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-16 09:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-16 09:24 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-16 09:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-16 09:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-16 09:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-16 09:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-16 09:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-16 09:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-16 09:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-16 09:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-16 09:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-16 09:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-16 09:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-16 09:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-16 09:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-16 09:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-16 09:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-16 09:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-16 09:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-16 09:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-16 09:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 00:01 - 2013-03-20 13:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-11 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-11 00:00 - 2012-02-24 03:29 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 23:26 - 2013-11-07 04:23 - 01397932 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-10 23:22 - 2012-10-03 16:18 - 00000000 ____D () C:\Users\****\Documents\Outlook-Dateien
2015-03-10 23:21 - 2013-09-30 05:14 - 02072588 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 23:21 - 2013-09-30 04:56 - 00889374 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-10 23:21 - 2013-09-30 04:56 - 00205446 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-10 23:16 - 2013-08-22 15:46 - 00340608 _____ () C:\WINDOWS\setupact.log
2015-03-10 23:16 - 2012-10-16 00:46 - 00003994 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{579749A9-A7ED-4DBF-B3BE-1B7363949C56}
2015-03-10 23:12 - 2014-02-15 05:49 - 00000000 ____D () C:\Users\****\AppData\Local\769A133B-0AED-452E-A98A-A2C94FEF5322.aplzod
2015-03-10 12:00 - 2012-02-24 03:29 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 00:54 - 2013-11-06 11:51 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2015-03-10 00:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-10 00:54 - 2012-12-02 23:43 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2015-03-10 00:53 - 2012-10-03 15:32 - 00000000 ___RD () C:\Users\****\Dropbox
2015-03-10 00:53 - 2012-10-03 15:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox
2015-03-10 00:52 - 2013-11-07 08:40 - 00000000 __RDO () C:\Users\****\SkyDrive
2015-03-10 00:52 - 2013-11-07 01:00 - 00000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2015-03-10 00:51 - 2013-09-29 20:04 - 00220874 _____ () C:\WINDOWS\PFRO.log
2015-03-10 00:51 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-10 00:51 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-09 23:54 - 2013-11-06 22:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2283723822-742349386-183045315-1001
2015-03-09 14:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-09 13:56 - 2012-12-15 13:27 - 00000000 __RHD () C:\ESD
2015-03-09 13:53 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\****\Documents\Citavi 4
2015-03-09 13:53 - 2013-11-07 04:18 - 00000000 ____D () C:\Users\****
2015-03-09 13:52 - 2012-10-17 17:52 - 00000000 ____D () C:\Users\****\Documents\Corps
2015-03-09 13:22 - 2012-10-03 16:20 - 00000000 ____D () C:\Users\****\Documents\Uni
2015-03-08 17:02 - 2013-11-06 22:08 - 01165312 ___SH () C:\Users\****\Desktop\Thumbs.db
2015-03-07 17:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-04 10:13 - 2013-11-24 16:20 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-04 10:13 - 2013-11-06 23:43 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-04 10:12 - 2012-10-03 16:24 - 00000000 ____D () C:\Users\****\Desktop\Programme
2015-03-04 10:11 - 2014-12-04 20:56 - 00000000 ____D () C:\Users\****\Desktop\Schwerpunkt
2015-03-02 13:21 - 2012-10-03 16:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Swiss Academic Software
2015-02-25 13:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-21 00:48 - 2012-10-03 15:32 - 00001107 _____ () C:\Users\****\Desktop\Dropbox.lnk
2015-02-21 00:48 - 2012-10-03 15:31 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-20 11:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-20 10:10 - 2013-08-22 15:44 - 00479376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 10:08 - 2012-10-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 10:08 - 2009-07-14 03:34 - 00000545 _____ () C:\WINDOWS\win.ini
2015-02-16 09:28 - 2013-07-25 10:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-16 09:24 - 2012-10-03 16:28 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 11:55 - 2012-02-24 03:29 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 11:55 - 2012-02-24 03:29 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-11-07 08:42 - 2013-11-07 08:42 - 0000021 _____ () C:\Users\****\AppData\Roaming\my_intel.sys
2013-11-07 01:00 - 2015-03-10 00:52 - 0000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2014-08-05 02:05 - 2014-08-05 02:05 - 0002203 _____ () C:\Users\****\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-11-07 01:36 - 2013-11-07 01:38 - 0037795 _____ () C:\Users\****\AppData\Local\WiDiSetupLog.20131107.013659.wdl
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-10-05 14:19 - 2013-11-14 20:12 - 0003349 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmrte2.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 11:08

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Nochmal frisches FRST log bitte. Wenn sich dann keine neuen Dateien mehr erstellen entfernen wir noch die Verknüpfungen.

Moin, also während der Fix ausgeführt wurde, hat sich windows einmal runtergefahren und neu gestartet, ist das normal?

Hier der Fixlog.txt

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by **** at 2015-03-11 22:43:53 Run:1
Running from C:\Users\****\Desktop\Virus
Loaded Profiles: **** (Available profiles: **** & Andrea & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MerciJacquieMichel => value deleted successfully.
Could not move "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" => Scheduled to move on reboot.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 3.7 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-11 22:51:12)<=

C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe => Is moved successfully.

==== End of Fixlog 22:51:12 ====
         

Als ich das FRST icon angelickt habe, ist der norton scanner sofort angesprungen und hat die Datei entfernt. Auch ein erneuter download brachte das selbe ergebnis.
Nun habe ich die frst64.exe aus dem Ordner "Alte Version FRST" gestartet, er hat sich automatisch das update geladen und nun kann ich dir hier die ergebnisse anzeigen.

FRST.txt

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by **** (administrator) on "****" on 11-03-2015 23:01:13
Running from C:\Users\****\Desktop\Virus\FRST-OlderVersion
Loaded Profiles: **** (Available profiles: **** & Andrea & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\SysWOW64\DptfPolicyLpmServiceHelper.exe [13824 2012-02-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-17] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll [2007-05-17] (Mindjet)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-10-06] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\hcof00pn.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283723822-742349386-183045315-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-02]
FF HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Logitech SetPoint) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-02-15]
CHR Extension: (Isoball 3) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2013-10-13]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Citavi Picker) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-04-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-10] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 DptfPolicyCriticalService; C:\Windows\SysWOW64\DptfPolicyCriticalService.exe [19456 2012-02-20] ()
S2 DptfPolicyLpmService; C:\Windows\SysWOW64\DptfPolicyLpmService.exe [24576 2012-02-20] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-10] (Emsisoft GmbH)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150310.001\IDSvia64.sys [669400 2015-02-13] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-07] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150310.040\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150310.040\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2015-01-28] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 01:41 - 2015-03-11 01:41 - 00051944 _____ () C:\Users\****\Desktop\FRST.txt
2015-03-11 01:39 - 2015-03-11 01:39 - 00003192 _____ () C:\Users\****\Desktop\a2scan_150311-011001.txt
2015-03-11 01:05 - 2015-03-11 01:05 - 00000757 _____ () C:\Users\****\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-11 01:05 - 2015-03-11 01:05 - 00000000 ____D () C:\EEK
2015-03-11 00:22 - 2015-03-09 12:34 - 00000891 _____ () C:\Users\****\Desktop\Neues Textdokument - Kopie.txt
2015-03-10 01:00 - 2015-03-10 01:00 - 00001120 _____ () C:\Users\****\Desktop\JRT.txt
2015-03-10 00:55 - 2015-03-10 00:55 - 01388333 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2015-03-10 00:47 - 2015-03-10 00:50 - 00000000 ____D () C:\AdwCleaner
2015-03-09 23:38 - 2015-03-11 22:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 23:38 - 2015-03-09 23:38 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-09 23:37 - 2015-03-09 23:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-09 23:37 - 2015-03-09 23:37 - 02171392 _____ () C:\Users\****\Desktop\AdwCleaner_4.112.exe
2015-03-09 23:36 - 2015-03-11 02:01 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2015-03-09 23:36 - 2015-03-11 02:01 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2015-03-09 23:36 - 2015-03-09 23:36 - 00848856 _____ (Panda Security ) C:\Users\****\Desktop\USBVaccineSetup.exe
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-09 13:56 - 2015-03-09 13:56 - 01483336 _____ (Microsoft Corporation) C:\Users\****\Desktop\mediacreationtool.exe
2015-03-09 12:31 - 2015-03-09 12:34 - 00000891 _____ () C:\Users\****\Desktop\Neues Textdokument.txt
2015-03-09 12:29 - 2015-03-09 12:29 - 00002530 _____ () C:\Users\****\Desktop\Lizenzen.txt
2015-03-09 12:28 - 2015-03-09 12:28 - 00380416 _____ () C:\Users\****\Desktop\s5ezzdql.exe
2015-03-09 12:25 - 2015-03-11 23:01 - 00000000 ____D () C:\FRST
2015-03-09 12:23 - 2015-03-11 22:58 - 00000000 ____D () C:\Users\****\Desktop\Virus
2015-03-09 12:23 - 2015-03-09 12:23 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-03-09 12:20 - 2015-03-09 12:21 - 11587952 _____ (McAfee Inc) C:\Users\****\Desktop\stinger32.exe
2015-03-09 12:18 - 2015-03-09 12:19 - 00000000 ____D () C:\Users\****\Desktop\LicenseCrawler
2015-03-09 12:17 - 2015-03-09 12:17 - 01393511 _____ () C:\Users\****\Desktop\licensecrawler_1.43.732.zip
2015-03-04 22:27 - 2015-03-08 17:11 - 00000000 ____D () C:\Users\****\Desktop\Studienarbeit
2015-03-04 10:13 - 2015-03-04 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-03-04 10:13 - 2015-01-28 20:49 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:18 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 03:41 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 03:41 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-16 09:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-16 09:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-16 09:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-16 09:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-16 09:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-16 09:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-16 09:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-16 09:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-16 09:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-16 09:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-16 09:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-16 09:24 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-16 09:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-16 09:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-16 09:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-16 09:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-16 09:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-16 09:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-16 09:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-16 09:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-16 09:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-16 09:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-16 09:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-16 09:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-16 09:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-16 09:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-16 09:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-16 09:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-16 09:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-16 09:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-16 09:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 23:01 - 2013-11-07 04:23 - 01905712 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-11 23:01 - 2013-03-20 13:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-11 23:01 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-11 23:00 - 2012-02-24 03:29 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 22:58 - 2013-09-30 05:14 - 02072588 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-11 22:58 - 2013-09-30 04:56 - 00889374 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-11 22:58 - 2013-09-30 04:56 - 00205446 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-11 22:56 - 2013-11-06 22:12 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2283723822-742349386-183045315-1001
2015-03-11 22:55 - 2012-10-03 15:32 - 00000000 ___RD () C:\Users\****\Dropbox
2015-03-11 22:55 - 2012-10-03 15:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Dropbox
2015-03-11 22:52 - 2013-11-07 01:00 - 00000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2015-03-11 22:52 - 2012-12-02 23:43 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2015-03-11 22:51 - 2013-11-07 08:40 - 00000000 __RDO () C:\Users\****\SkyDrive
2015-03-11 22:51 - 2012-02-24 03:29 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 22:50 - 2013-09-29 20:04 - 00225360 _____ () C:\WINDOWS\PFRO.log
2015-03-11 22:50 - 2013-08-22 15:46 - 00340762 _____ () C:\WINDOWS\setupact.log
2015-03-11 22:50 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-11 22:50 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-11 22:45 - 2012-10-03 16:18 - 00000000 ____D () C:\Users\****\Documents\Outlook-Dateien
2015-03-11 22:37 - 2012-10-03 15:32 - 00001107 _____ () C:\Users\****\Desktop\Dropbox.lnk
2015-03-11 22:37 - 2012-10-03 15:31 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 22:33 - 2014-02-15 05:49 - 00000000 ____D () C:\Users\****\AppData\Local\769A133B-0AED-452E-A98A-A2C94FEF5322.aplzod
2015-03-11 02:14 - 2012-10-03 16:50 - 00000000 ____D () C:\Users\****\AppData\Local\Apple Computer
2015-03-10 23:16 - 2012-10-16 00:46 - 00003994 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{579749A9-A7ED-4DBF-B3BE-1B7363949C56}
2015-03-10 00:54 - 2013-11-06 11:51 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2015-03-10 00:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-09 14:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-09 13:56 - 2012-12-15 13:27 - 00000000 __RHD () C:\ESD
2015-03-09 13:53 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\****\Documents\Citavi 4
2015-03-09 13:53 - 2013-11-07 04:18 - 00000000 ____D () C:\Users\****
2015-03-09 13:52 - 2012-10-17 17:52 - 00000000 ____D () C:\Users\****\Documents\Corps
2015-03-09 13:22 - 2012-10-03 16:20 - 00000000 ____D () C:\Users\****\Documents\Uni
2015-03-08 17:02 - 2013-11-06 22:08 - 01165312 ___SH () C:\Users\****\Desktop\Thumbs.db
2015-03-07 17:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-04 10:13 - 2013-11-24 16:20 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-04 10:13 - 2013-11-06 23:43 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-04 10:12 - 2012-10-03 16:24 - 00000000 ____D () C:\Users\****\Desktop\Programme
2015-03-04 10:11 - 2014-12-04 20:56 - 00000000 ____D () C:\Users\****\Desktop\Schwerpunkt
2015-03-02 13:21 - 2012-10-03 16:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Swiss Academic Software
2015-02-20 11:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-20 10:10 - 2013-08-22 15:44 - 00479376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 10:08 - 2012-10-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 10:08 - 2009-07-14 03:34 - 00000545 _____ () C:\WINDOWS\win.ini
2015-02-16 09:28 - 2013-07-25 10:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-16 09:24 - 2012-10-03 16:28 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 11:55 - 2012-02-24 03:29 - 00004120 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 11:55 - 2012-02-24 03:29 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-11-07 08:42 - 2013-11-07 08:42 - 0000021 _____ () C:\Users\****\AppData\Roaming\my_intel.sys
2013-11-07 01:00 - 2015-03-11 22:52 - 0000401 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2014-08-05 02:05 - 2014-08-05 02:05 - 0002203 _____ () C:\Users\****\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-11-07 01:36 - 2013-11-07 01:38 - 0037795 _____ () C:\Users\****\AppData\Local\WiDiSetupLog.20131107.013659.wdl
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-10-05 14:19 - 2013-11-14 20:12 - 0003349 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplz1cue.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-11 00:46

==================== End Of Log ============================
         

--- --- ---



Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by **** at 2015-03-11 23:02:00
Running from C:\Users\****\Desktop\Virus\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.3 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS PWR Option (HKLM-x32\...\{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}) (Version: 1.2.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.4 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.2.0 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0 - ASIX Electronics Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06079 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06079 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2510 Series Printer Uninstall (HKLM\...\EPSON WF-2510 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Dynamic Platform & Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.1.1067 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{BE7E45FA-7F97-4155-87CF-2DEA398995DA}) (Version: 4.2.21.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.50 (HKLM\...\sp6) (Version: 6.50.152 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager Pro 7 (HKLM-x32\...\{3CDFEE23-66D2-4DB0-8269-12634E871725}) (Version: 7.0.429 - Mindjet LLC)
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 7.0 - Heiko Schröder)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PDF-XChange 3 (HKLM-x32\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
PS_AIO_04_C5300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.31 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283723822-742349386-183045315-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-02-2015 10:07:11 Windows Update
24-02-2015 12:18:15 Windows Update
04-03-2015 10:12:36 Installed Cisco AnyConnect Secure Mobility Client

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0824384A-6E02-4601-9650-D83C1EB8C205} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {118314BB-772D-4B9C-8430-8FFEE872FB3C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {11E2634C-A98E-419D-B2A1-26B51596D6E5} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-03-11] ()
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {20716D4A-7F53-4BCC-A396-90A79DBC0493} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2A12FA94-AE78-4CE3-BCAB-CA6A4798002A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {480307B7-D62C-40B4-AC2B-958F633F286F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {56A5C30C-CC9F-40CE-8C9A-A4D7C1696920} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6913925B-8807-4944-9DC4-D2106FAF17F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7BE4EAA3-492B-441B-9E15-9F5319ECAAB3} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {81443F6F-8608-4F5F-9746-49BD355F1F44} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {8687A636-6CDE-4487-A3BA-E2518973B7CC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {8BBF993A-7ACF-4CD2-84BA-1E8BC24671C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {9FC31335-F46F-48D5-87F9-A1A2E33222C1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AE1822A9-629F-44BA-9C16-D1B008EE3111} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B7874F98-7A73-4D9D-B14B-1FEAB9D5BAB6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C0804079-4CDF-45AB-B431-AAA2FD56F1C8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CC4FC069-845E-4644-BE5E-360DE6B864A3} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-06-29] (ASUSTeK Computer Inc.)
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {DEE297C6-FCCB-4550-833A-ABA172AB4895} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-16] (Microsoft Corporation)
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EA49544F-8E18-47FB-85D3-2FD3C8A971D5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-03-11] ()
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F3BBF756-D937-4E6C-84DA-87C055AF2E05} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F4B55B2F-BFE3-478B-A5C0-97DDC4A506EF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FCAB4EAD-2FA5-48CB-88C3-AEAED4EF25CD} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-26 17:51 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2013-01-26 17:51 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2012-07-30 03:50 - 2012-02-20 04:31 - 00018944 _____ () C:\WINDOWS\SysWOW64\DptfParticipantProcessorService.exe
2012-07-30 03:50 - 2012-02-20 04:31 - 00019968 _____ () C:\WINDOWS\SysWOW64\DptfPolicyConfigTDPService.exe
2012-07-30 03:50 - 2012-02-20 04:31 - 00019456 _____ () C:\WINDOWS\SysWOW64\DptfPolicyCriticalService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-11-26 23:46 - 2014-11-26 23:46 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-10-06 09:15 - 2012-10-06 09:15 - 01976632 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-10-06 09:14 - 2012-10-06 09:14 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL
2015-01-28 21:08 - 2015-01-28 21:08 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 17:25 - 2012-01-31 17:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-11 22:52 - 2015-03-11 22:52 - 00043008 _____ () c:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplz1cue.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2007-05-17 23:05 - 2007-05-17 23:05 - 00116240 ____R () C:\Program Files (x86)\Mindjet\MindManager 7\zlib.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2012-09-08 22:57 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-24 15:02 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\****\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\****\Documents\duschkabine.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\****\Documents\duschkabine.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\****\Documents\duschkabine2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\****\Documents\duschkabine2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.188.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2283723822-742349386-183045315-500 - Administrator - Disabled)
Andrea (S-1-5-21-2283723822-742349386-183045315-1007 - Limited - Enabled) => C:\Users\Andrea
Gast (S-1-5-21-2283723822-742349386-183045315-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2283723822-742349386-183045315-1006 - Limited - Enabled)
**** (S-1-5-21-2283723822-742349386-183045315-1001 - Administrator - Enabled) => C:\Users\****

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2015 10:54:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm notepad.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11ac

Startzeit: 01d05c4591c66ba3

Endzeit: 8

Anwendungspfad: C:\WINDOWS\system32\notepad.exe

Berichts-ID: 1bd3ae99-c839-11e4-bec7-85a08d3aaed6

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/11/2015 10:52:00 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (03/11/2015 10:52:00 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (03/11/2015 10:50:31 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMainThread:  NotifyServiceStatusRunning() failed.

Error: (03/11/2015 10:50:31 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceNotifyServiceStatusRunning:  DeviceIoControl() failed.Last error = [0x00000001]

Error: (03/11/2015 10:31:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (03/11/2015 10:31:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (03/11/2015 00:57:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1047

Error: (03/11/2015 00:57:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1047

Error: (03/11/2015 00:57:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/11/2015 11:02:43 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 11:02:12 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 11:01:41 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 11:01:10 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 11:00:39 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 11:00:08 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 10:59:37 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 10:59:06 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 10:58:35 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe

Error: (03/11/2015 10:58:04 PM) (Source: DCOM) (EventID: 10028) (User: JUSTUSHOFFMANN)
Description: localglcaslhhtt    18e0C:\Windows\System32\wscript.exe


Microsoft Office Sessions:
=========================
Error: (03/11/2015 10:54:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.3.9600.1638411ac01d05c4591c66ba38C:\WINDOWS\system32\notepad.exe1bd3ae99-c839-11e4-bec7-85a08d3aaed6

Error: (03/11/2015 10:52:00 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (03/11/2015 10:52:00 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (03/11/2015 10:50:31 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMainThread:  NotifyServiceStatusRunning() failed.

Error: (03/11/2015 10:50:31 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceNotifyServiceStatusRunning:  DeviceIoControl() failed.Last error = [0x00000001]

Error: (03/11/2015 10:31:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (03/11/2015 10:31:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (03/11/2015 00:57:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1047

Error: (03/11/2015 00:57:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1047

Error: (03/11/2015 00:57:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-02-20 10:27:13.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:13.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:13.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:12.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:12.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:12.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:10.041
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:27:09.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:23:01.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-20 10:23:01.301
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 67%
Total physical RAM: 3981.72 MB
Available physical RAM: 1288.67 MB
Total Pagefile: 8077.72 MB
Available Pagefile: 5081.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:102.2 GB) (Free:22.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:121.61 GB) (Free:117.4 GB) NTFS
Drive e: () (Removable) (Total:1.78 GB) (Free:1.76 GB) FAT
Drive f: () (Removable) (Total:0.25 GB) (Free:0.23 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C14CBD8D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 251.9 MB) (Disk ID: 0018DBB5)
Partition 1: (Active) - (Size=252 MB) - (Type=06)

========================================================
Disk: 2 (Size: 1.8 GB) (Disk ID: 342749BA)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)

==================== End Of Log ============================
         

Das Problem gibt es leider immer noch.
Soll ich das ganze Prozedere, also von deinem ersten Beitrag an, nochmal machen, nur zur Sicherheit, dass ich nichts falsch gemacht habe???

Danke dir!

Nee, die Datei ist nur hartnäckig. Da gehen wir von aussen ran:


Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

• Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
• Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
• Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

• Starte den Rechner neu.
• Während dem Hochfahren drücke mehrmals die F8 Taste
• Wähle nun Computer reparieren.
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

• Lege die Windows CD in dein Laufwerk.
• Starte den Rechner neu und starte von der CD.
• Wähle die Spracheinstellungen und klicke "Weiter".
• Klicke auf Computerreparaturoptionen !
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

• Gib nun bitte notepad ein und drücke Enter.
• Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
  Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
• Schließe Notepad wieder
• Gib nun bitte folgenden Befehl ein.
  e:\frst.exe bzw. e:\frst64.exe
  Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
• Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Moin, bin bei meinem Win8.1 wie beschrieben vorgegangen.
Hier das FRST Logfile.
Als ich dieses vom Stick geöffnet habe, hat dieser sich natürlich auch wieder infiziert mit dem Murks. Habe nicht bedacht diesen Post von einem anderen Rechner aus zu tätigen.

Hier aber FRST.txt


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SYSTEM on MININT-2SU0EUL on 12-03-2015 15:48:39
Running from F:\
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\SysWOW64\DptfPolicyLpmServiceHelper.exe [13824 2012-02-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-17] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Justus Hoffmann\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\Justus Hoffmann\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\Justus Hoffmann\...\Run: [Spotify Web Helper] => C:\Users\Justus Hoffmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\Justus Hoffmann\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\Justus Hoffmann\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-10] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
S2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
S2 DptfPolicyCriticalService; C:\Windows\SysWOW64\DptfPolicyCriticalService.exe [19456 2012-02-20] ()
S2 DptfPolicyLpmService; C:\Windows\SysWOW64\DptfPolicyLpmService.exe [24576 2012-02-20] ()
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-07] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS)
S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-10] (Emsisoft GmbH)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
S3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150311.001\IDSvia64.sys [669400 2015-02-13] (Symantec Corporation)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-07] (Microsoft Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150311.020\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150311.020\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2015-01-28] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 08:08 - 2015-03-12 08:17 - 00000000 ____D () C:\UsbFix
2015-03-12 08:08 - 2015-03-12 08:08 - 00001458 _____ () C:\Users\Justus Hoffmann\Desktop\UsbFix.lnk
2015-03-11 01:41 - 2015-03-11 01:41 - 00051944 _____ () C:\Users\Justus Hoffmann\Desktop\FRST.txt
2015-03-11 01:39 - 2015-03-11 01:39 - 00003192 _____ () C:\Users\Justus Hoffmann\Desktop\a2scan_150311-011001.txt
2015-03-11 01:05 - 2015-03-11 01:05 - 00000757 _____ () C:\Users\Justus Hoffmann\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-11 01:05 - 2015-03-11 01:05 - 00000000 ____D () C:\EEK
2015-03-11 00:22 - 2015-03-09 12:34 - 00000891 _____ () C:\Users\Justus Hoffmann\Desktop\Neues Textdokument - Kopie.txt
2015-03-10 01:00 - 2015-03-10 01:00 - 00001120 _____ () C:\Users\Justus Hoffmann\Desktop\JRT.txt
2015-03-10 00:55 - 2015-03-10 00:55 - 01388333 _____ (Thisisu) C:\Users\Justus Hoffmann\Desktop\JRT.exe
2015-03-10 00:47 - 2015-03-12 00:09 - 00000000 ____D () C:\AdwCleaner
2015-03-09 23:38 - 2015-03-12 14:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-03-09 23:38 - 2015-03-09 23:38 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 23:38 - 2015-03-09 23:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-09 23:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-03-09 23:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-03-09 23:37 - 2015-03-09 23:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Justus Hoffmann\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-09 23:37 - 2015-03-09 23:37 - 02171392 _____ () C:\Users\Justus Hoffmann\Desktop\AdwCleaner_4.112.exe
2015-03-09 23:36 - 2015-03-11 02:01 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2015-03-09 23:36 - 2015-03-11 02:01 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2015-03-09 23:36 - 2015-03-09 23:36 - 00848856 _____ (Panda Security ) C:\Users\Justus Hoffmann\Desktop\USBVaccineSetup.exe
2015-03-09 23:36 - 2015-03-09 23:36 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-09 13:56 - 2015-03-09 13:56 - 01483336 _____ (Microsoft Corporation) C:\Users\Justus Hoffmann\Desktop\mediacreationtool.exe
2015-03-09 12:31 - 2015-03-09 12:34 - 00000891 _____ () C:\Users\Justus Hoffmann\Desktop\Neues Textdokument.txt
2015-03-09 12:29 - 2015-03-09 12:29 - 00002530 _____ () C:\Users\Justus Hoffmann\Desktop\Lizenzen.txt
2015-03-09 12:28 - 2015-03-09 12:28 - 00380416 _____ () C:\Users\Justus Hoffmann\Desktop\s5ezzdql.exe
2015-03-09 12:25 - 2015-03-12 09:38 - 00000000 ____D () C:\FRST
2015-03-09 12:23 - 2015-03-12 14:42 - 00000000 ____D () C:\Users\Justus Hoffmann\Desktop\Virus
2015-03-09 12:23 - 2015-03-09 12:23 - 00000000 _____ () C:\Users\Justus Hoffmann\defogger_reenable
2015-03-09 12:20 - 2015-03-09 12:21 - 11587952 _____ (McAfee Inc) C:\Users\Justus Hoffmann\Desktop\stinger32.exe
2015-03-09 12:18 - 2015-03-09 12:19 - 00000000 ____D () C:\Users\Justus Hoffmann\Desktop\LicenseCrawler
2015-03-09 12:17 - 2015-03-09 12:17 - 01393511 _____ () C:\Users\Justus Hoffmann\Desktop\licensecrawler_1.43.732.zip
2015-03-04 22:27 - 2015-03-08 17:11 - 00000000 ____D () C:\Users\Justus Hoffmann\Desktop\Studienarbeit
2015-03-04 10:13 - 2015-01-28 20:49 - 00112496 ____R (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock64.sys
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:18 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\System32\locale.nls
2015-02-25 12:18 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\System32\GlobCollationHost.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 12:18 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-24 03:41 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-02-24 03:41 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 09:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-02-16 09:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-02-16 09:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2015-02-16 09:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-16 09:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-16 09:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-02-16 09:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-02-16 09:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-16 09:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-02-16 09:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-16 09:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-16 09:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-02-16 09:24 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\System32\ApnDatabase.xml
2015-02-16 09:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-16 09:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-02-16 09:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-02-16 09:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-16 09:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-16 09:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-16 09:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-16 09:23 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2015-02-16 09:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-02-16 09:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-02-16 09:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-16 09:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-16 09:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-02-16 09:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-16 09:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-16 09:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-16 09:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-02-16 09:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-16 09:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-16 09:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2015-02-16 09:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-02-16 09:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-16 09:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-16 09:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-16 09:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-02-16 09:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-02-16 09:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-16 09:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-16 09:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-16 09:23 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-02-16 09:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-02-16 09:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 15:46 - 2013-08-22 15:46 - 00341788 _____ () C:\Windows\setupact.log
2015-03-12 15:46 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 15:43 - 2014-11-08 18:59 - 00000401 _____ () C:\Users\Andrea\AppData\Roaming\sp_data.sys
2015-03-12 15:43 - 2013-11-07 04:23 - 01661735 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 15:43 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2015-03-12 15:43 - 2012-02-24 03:29 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 15:40 - 2012-10-03 16:18 - 00000000 ____D () C:\Users\Justus Hoffmann\Documents\Outlook-Dateien
2015-03-12 15:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2015-03-12 15:37 - 2012-12-02 23:43 - 00000000 ____D () C:\Users\Justus Hoffmann\AppData\Roaming\Skype
2015-03-12 14:42 - 2014-02-15 05:49 - 00000000 ____D () C:\Users\Justus Hoffmann\AppData\Local\769A133B-0AED-452E-A98A-A2C94FEF5322.aplzod
2015-03-12 14:07 - 2013-09-30 05:14 - 02072588 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-03-12 14:07 - 2013-09-30 04:56 - 00889374 _____ () C:\Windows\System32\perfh007.dat
2015-03-12 14:07 - 2013-09-30 04:56 - 00205446 _____ () C:\Windows\System32\perfc007.dat
2015-03-12 14:06 - 2013-11-07 08:40 - 00000000 __RDO () C:\Users\Justus Hoffmann\SkyDrive
2015-03-12 14:06 - 2013-11-07 01:00 - 00000401 _____ () C:\Users\Justus Hoffmann\AppData\Roaming\sp_data.sys
2015-03-12 14:06 - 2012-10-03 15:32 - 00000000 ___RD () C:\Users\Justus Hoffmann\Dropbox
2015-03-12 14:06 - 2012-10-03 15:30 - 00000000 ____D () C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox
2015-03-12 10:01 - 2013-03-20 13:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 10:00 - 2012-02-24 03:29 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 09:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-12 09:38 - 2013-09-29 20:04 - 00225738 _____ () C:\Windows\PFRO.log
2015-03-12 08:07 - 2012-10-16 00:46 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{579749A9-A7ED-4DBF-B3BE-1B7363949C56}
2015-03-12 00:31 - 2013-11-06 22:12 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2283723822-742349386-183045315-1001
2015-03-11 23:03 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-11 22:37 - 2012-10-03 15:32 - 00001107 _____ () C:\Users\Justus Hoffmann\Desktop\Dropbox.lnk
2015-03-11 02:14 - 2012-10-03 16:50 - 00000000 ____D () C:\Users\Justus Hoffmann\AppData\Local\Apple Computer
2015-03-10 00:54 - 2013-11-06 11:51 - 00000000 ____D () C:\Users\Justus Hoffmann\AppData\Local\CrashDumps
2015-03-10 00:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-03-09 14:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\FxsTmp
2015-03-09 13:56 - 2012-12-15 13:27 - 00000000 __RHD () C:\ESD
2015-03-09 13:53 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\Justus Hoffmann\Documents\Citavi 4
2015-03-09 13:53 - 2013-11-07 04:18 - 00000000 ____D () C:\users\Justus Hoffmann
2015-03-09 13:52 - 2012-10-17 17:52 - 00000000 ____D () C:\Users\Justus Hoffmann\Documents\Corps
2015-03-09 13:22 - 2012-10-03 16:20 - 00000000 ____D () C:\Users\Justus Hoffmann\Documents\Uni
2015-03-08 17:02 - 2013-11-06 22:08 - 01165312 ___SH () C:\Users\Justus Hoffmann\Desktop\Thumbs.db
2015-03-04 10:13 - 2013-11-24 16:20 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-04 10:13 - 2013-11-06 23:43 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-04 10:12 - 2012-10-03 16:24 - 00000000 ____D () C:\Users\Justus Hoffmann\Desktop\Programme
2015-03-04 10:11 - 2014-12-04 20:56 - 00000000 ____D () C:\Users\Justus Hoffmann\Desktop\Schwerpunkt
2015-03-02 13:21 - 2012-10-03 16:19 - 00000000 ____D () C:\Users\Justus Hoffmann\AppData\Roaming\Swiss Academic Software
2015-02-20 11:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-20 10:10 - 2013-08-22 15:44 - 00479376 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-02-20 10:08 - 2012-10-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 10:08 - 2009-07-14 03:34 - 00000545 _____ () C:\Windows\win.ini
2015-02-16 09:28 - 2013-07-25 10:43 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-16 09:24 - 2012-10-03 16:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-13 11:55 - 2012-02-24 03:29 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 11:55 - 2012-02-24 03:29 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Justus Hoffmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmujbv.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-03-04 10:12:44
Restore point made on: 2015-03-12 00:17:52

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3981.71 MB
Available physical RAM: 3238.2 MB
Total Pagefile: 3981.71 MB
Available Pagefile: 3259.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:102.2 GB) (Free:21.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:121.61 GB) (Free:117.4 GB) NTFS
Drive e: () (Removable) (Total:1.78 GB) (Free:1.76 GB) FAT
Drive f: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive g: () (Fixed) (Total:0.34 GB) (Free:0.05 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C14CBD8D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 342749BA)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)

========================================================
Disk: 2 (Size: 125 MB) (Disk ID: 11CE3EC4)
Partition 1: (Active) - (Size=125 MB) - (Type=06)


LastRegBack: 2015-03-12 09:48

==================== End Of Log ============================
         

--- --- ---


Gruß

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

S2 HPSLPSVC; C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [X]
C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2
HKU\Justus Hoffmann\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Jetzt bitte nochmal ein FRST log aus dem normalen Modus.

Moin Moin,
Also alles wie erklärt gemacht.

hier die fixlog.txt

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by SYSTEM at 2015-03-13 11:06:44 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S2 HPSLPSVC; C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2\hpslpsvc64.dll [X]
C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2
HKU\Justus Hoffmann\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
Emptytemp:
*****************

HPSLPSVC => Service deleted successfully.
"C:\Users\JUSTUS~1\AppData\Local\Temp\7zS6FC2" => File/Directory not found.
HKU\Justus Hoffmann\Software\Microsoft\Windows\CurrentVersion\Run\\MerciJacquieMichel => value deleted successfully.
C:\Users\JUSTUS~1\AppData\Local\Temp\MerciJacquieMichel.vbe => Moved successfully.
C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe => Moved successfully.
Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 11:06:46 ====
         

und hier aus dem normalen Modus:

Beim Ausführen der Frst64.exe ist jedoch mein Norton360 angesprungen und hat sie gelöscht. Ich habe für 15 min Norton ausgemacht, hier die FRST.txt

Er will es immer noch nicht posten, da zu lang. Hier also ein upload hxxp://speedy.sh/FhbK2/FRST.TXT

Heißt das der PC ist befreit? Könntest du mir dann auch noch helfen die USB-Sticks zu befreien?

Nochmal danke!

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

UNd ja, im Anschluss machen wir die Sticks

Okay dann in mehreren :-)....

FRST.txt

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Justus Hoffmann (administrator) on JUSTUSHOFFMANN on 13-03-2015 11:12:26
Running from C:\Users\Justus Hoffmann\Desktop\Virus\FRST-OlderVersion
Loaded Profiles: Justus Hoffmann (Available profiles: Justus Hoffmann & Andrea & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Justus Hoffmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\SysWOW64\DptfPolicyLpmServiceHelper.exe [13824 2012-02-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-17] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [Spotify Web Helper] => C:\Users\Justus Hoffmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Justus Hoffmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus Hoffmann\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-2283723822-742349386-183045315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: CmjBrowserHelperObject Object -> {07A11D74-9D25-4fea-A833-8B0D76A5577A} -> C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll [2007-05-17] (Mindjet)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-10-06] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2283723822-742349386-183045315-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.188.1

FireFox:
========
FF ProfilePath: C:\Users\Justus Hoffmann\AppData\Roaming\Mozilla\Firefox\Profiles\hcof00pn.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283723822-742349386-183045315-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-02]
FF HKU\S-1-5-21-2283723822-742349386-183045315-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Logitech SetPoint) - C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-02-15]
CHR Extension: (Isoball 3) - C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2013-10-13]
CHR Extension: (Google Wallet) - C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Citavi Picker) - C:\Users\Justus Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-04-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-09-10] (Intel Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 DptfPolicyCriticalService; C:\Windows\SysWOW64\DptfPolicyCriticalService.exe [19456 2012-02-20] ()
S2 DptfPolicyLpmService; C:\Windows\SysWOW64\DptfPolicyLpmService.exe [24576 2012-02-20] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-10] (Emsisoft GmbH)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150311.001\IDSvia64.sys [669400 2015-02-13] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-07] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150311.020\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150311.020\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2015-01-28] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 10:58 - 2015-03-13 10:58 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-12 08:08 - 2015-03-12 08:17 - 00000000 ____D () C:\UsbFix
2015-03-12 08:08 - 2015-03-12 08:08 - 00001458 _____ () C:\Users\Justus Hoffmann\Desktop\UsbFix.lnk
2015-03-11 23:53 - 2014-10-29 05:03 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-03-11 23:53 - 2014-10-29 04:59 - 03460472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2015-03-11 23:53 - 2014-10-29 04:59 - 00014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2015-03-11 23:53 - 2014-10-29 03:45 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-03-11 23:53 - 2014-10-29 03:22 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-03-11 23:53 - 2014-10-29 03:19 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-03-11 23:53 - 2014-10-29 03:08 - 18822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-03-11 23:53 - 2014-10-29 03:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-03-11 23:53 - 2014-10-29 02:45 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-03-11 23:53 - 2014-10-29 02:42 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-03-11 23:53 - 2014-10-29 02:33 - 15157760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-03-11 23:53 - 2014-10-29 02:17 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-03-11 23:53 - 2014-10-29 02:10 - 02344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-11 23:53 - 2014-10-29 02:09 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-11 23:53 - 2014-10-29 02:02 - 14354944 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-03-11 23:53 - 2014-10-29 01:52 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-03-11 23:53 - 2014-10-29 01:51 - 01554432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-03-11 23:53 - 2014-10-29 01:50 - 12749824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-03-11 23:53 - 2014-10-29 01:46 - 09530368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-03-11 23:53 - 2014-10-29 01:45 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-03-11 23:52 - 2014-10-29 05:10 - 01816008 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2015-03-11 23:52 - 2014-10-29 05:00 - 02314952 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-03-11 23:52 - 2014-10-29 05:00 - 02229168 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-03-11 23:52 - 2014-10-29 04:59 - 02529856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-03-11 23:52 - 2014-10-29 04:59 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-11 23:52 - 2014-10-29 04:58 - 00014528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2015-03-11 23:52 - 2014-10-29 04:57 - 03138720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2015-03-11 23:52 - 2014-10-29 04:57 - 03118096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-03-11 23:52 - 2014-10-29 04:57 - 02745160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-03-11 23:52 - 2014-10-29 04:57 - 02450216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2015-03-11 23:52 - 2014-10-29 04:57 - 01286048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2015-03-11 23:52 - 2014-10-29 04:55 - 02174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2015-03-11 23:52 - 2014-10-29 04:55 - 01660528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-03-11 23:52 - 2014-10-29 04:55 - 01543768 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-03-11 23:52 - 2014-10-29 04:52 - 02334080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 01518504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 01509688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 01288096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 01165744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 01064720 _____ (Microsoft Corporation) C:\WINDOWS\system32\drmv2clt.dll
2015-03-11 23:52 - 2014-10-29 04:52 - 00952384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-03-11 23:52 - 2014-10-29 04:51 - 01310912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-03-11 23:52 - 2014-10-29 04:13 - 01901240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-03-11 23:52 - 2014-10-29 04:12 - 01946144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-03-11 23:52 - 2014-10-29 04:12 - 01907384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-03-11 23:52 - 2014-10-29 04:11 - 02689392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2015-03-11 23:52 - 2014-10-29 04:11 - 02528760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2015-03-11 23:52 - 2014-10-29 04:11 - 02447104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2015-03-11 23:52 - 2014-10-29 04:11 - 01024200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2015-03-11 23:52 - 2014-10-29 04:10 - 01564464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2015-03-11 23:52 - 2014-10-29 04:10 - 01209624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-03-11 23:52 - 2014-10-29 04:07 - 02324208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-03-11 23:52 - 2014-10-29 04:07 - 01321192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-03-11 23:52 - 2014-10-29 04:07 - 01115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-03-11 23:52 - 2014-10-29 04:07 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-03-11 23:52 - 2014-10-29 03:59 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-03-11 23:52 - 2014-10-29 03:29 - 04483072 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-03-11 23:52 - 2014-10-29 03:28 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-03-11 23:52 - 2014-10-29 03:25 - 00785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\blackbox.dll
2015-03-11 23:52 - 2014-10-29 03:24 - 04418560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-03-11 23:52 - 2014-10-29 03:17 - 02003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2015-03-11 23:52 - 2014-10-29 03:10 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-03-11 23:52 - 2014-10-29 03:08 - 01540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2015-03-11 23:52 - 2014-10-29 03:00 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-03-11 23:52 - 2014-10-29 02:57 - 02924032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2015-03-11 23:52 - 2014-10-29 02:56 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2015-03-11 23:52 - 2014-10-29 02:55 - 01697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2015-03-11 23:52 - 2014-10-29 02:51 - 00941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2015-03-11 23:52 - 2014-10-29 02:47 - 02072064 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2015-03-11 23:52 - 2014-10-29 02:45 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2015-03-11 23:52 - 2014-10-29 02:44 - 02984448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-03-11 23:52 - 2014-10-29 02:43 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2015-03-11 23:52 - 2014-10-29 02:42 - 01999872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-03-11 23:52 - 2014-10-29 02:40 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2015-03-11 23:52 - 2014-10-29 02:39 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-03-11 23:52 - 2014-10-29 02:38 - 04690432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2015-03-11 23:52 - 2014-10-29 02:35 - 04709888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-03-11 23:52 - 2014-10-29 02:35 - 03256320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-03-11 23:52 - 2014-10-29 02:31 - 02941952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-03-11 23:52 - 2014-10-29 02:28 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2015-03-11 23:52 - 2014-10-29 02:26 - 03561984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-03-11 23:52 - 2014-10-29 02:24 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-03-11 23:52 - 2014-10-29 02:24 - 02364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2015-03-11 23:52 - 2014-10-29 02:23 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2015-03-11 23:52 - 2014-10-29 02:22 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-03-11 23:52 - 2014-10-29 02:22 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2015-03-11 23:52 - 2014-10-29 02:22 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-03-11 23:52 - 2014-10-29 02:22 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2015-03-11 23:52 - 2014-10-29 02:21 - 01250816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-03-11 23:52 - 2014-10-29 02:21 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-11 23:52 - 2014-10-29 02:18 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-03-11 23:52 - 2014-10-29 02:17 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-03-11 23:52 - 2014-10-29 02:16 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2015-03-11 23:52 - 2014-10-29 02:14 - 03553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2015-03-11 23:52 - 2014-10-29 02:12 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-03-11 23:52 - 2014-10-29 02:11 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-03-11 23:52 - 2014-10-29 02:10 - 02469888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2015-03-11 23:52 - 2014-10-29 02:08 - 02608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-03-11 23:52 - 2014-10-29 02:08 - 02542080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-03-11 23:52 - 2014-10-29 02:08 - 02174976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2015-03-11 23:52 - 2014-10-29 02:08 - 01822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2015-03-11 23:52 - 2014-10-29 02:08 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-03-11 23:52 - 2014-10-29 02:05 - 03273216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2015-03-11 23:52 - 2014-10-29 02:03 - 04067840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-03-11 23:52 - 2014-10-29 02:03 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2015-03-11 23:52 - 2014-10-29 02:03 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2015-03-11 23:52 - 2014-10-29 02:00 - 01705984 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-03-11 23:52 - 2014-10-29 01:59 - 02252800 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2015-03-11 23:52 - 2014-10-29 01:59 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-03-11 23:52 - 2014-10-29 01:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-11 23:52 - 2014-10-29 01:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-11 23:52 - 2014-10-29 01:56 - 01337344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-03-11 23:52 - 2014-10-29 01:56 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-03-11 23:52 - 2014-10-29 01:54 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-03-11 23:52 - 2014-10-29 01:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-11 23:52 - 2014-10-29 01:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-11 23:52 - 2014-10-29 01:52 - 02554880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-03-11 23:52 - 2014-10-29 01:52 - 02170368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-03-11 23:52 - 2014-10-29 01:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-11 23:52 - 2014-10-29 01:52 - 01461248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2015-03-11 23:52 - 2014-10-29 01:52 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-03-11 23:52 - 2014-10-29 01:52 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-11 23:52 - 2014-10-29 01:50 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2015-03-11 23:52 - 2014-10-29 01:50 - 01482752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2015-03-11 23:52 - 2014-10-29 01:48 - 03056128 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2015-03-11 23:52 - 2014-10-29 01:47 - 02090496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-03-11 23:52 - 2014-10-29 01:46 - 01919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2015-03-11 23:52 - 2014-10-29 01:46 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-03-11 23:52 - 2014-10-29 01:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-03-11 23:52 - 2014-10-29 01:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-03-11 23:52 - 2014-10-29 01:45 - 01725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-03-11 23:52 - 2014-10-29 01:43 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-03-11 23:52 - 2014-10-29 01:43 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-03-11 23:52 - 2014-10-29 01:43 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-03-11 23:52 - 2014-10-29 01:42 - 01922560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-03-11 23:52 - 2014-10-29 01:42 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-03-11 23:52 - 2014-10-29 01:41 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-03-11 23:52 - 2014-10-29 01:41 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2015-03-11 23:52 - 2014-10-29 01:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-11 23:52 - 2014-10-29 01:39 - 01000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-03-11 23:52 - 2014-10-29 01:38 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-03-11 23:52 - 2014-10-29 01:37 - 06386176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-03-11 23:52 - 2014-10-29 01:35 - 01668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-03-11 23:52 - 2014-10-29 01:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-03-11 23:52 - 2014-10-29 01:33 - 06213632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-03-11 23:52 - 2014-10-15 09:32 - 02025792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-03-11 23:52 - 2014-10-07 07:45 - 03307112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-03-11 23:52 - 2014-10-07 04:44 - 02890296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-03-11 23:52 - 2014-09-25 04:42 - 00373568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-03-11 23:51 - 2014-10-29 05:09 - 01950280 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2015-03-11 23:51 - 2014-10-29 05:09 - 01239576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2015-03-11 23:51 - 2014-10-29 05:04 - 00105872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-03-11 23:51 - 2014-10-29 05:03 - 00435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-03-11 23:51 - 2014-10-29 05:00 - 01540696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-03-11 23:51 - 2014-10-29 05:00 - 01385216 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-11 23:51 - 2014-10-29 05:00 - 00740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2015-03-11 23:51 - 2014-10-29 05:00 - 00544408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-03-11 23:51 - 2014-10-29 05:00 - 00379568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-03-11 23:51 - 2014-10-29 04:57 - 01576312 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-03-11 23:51 - 2014-10-29 04:57 - 01552704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-03-11 23:51 - 2014-10-29 04:57 - 01210176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2015-03-11 23:51 - 2014-10-29 04:57 - 00643064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-03-11 23:51 - 2014-10-29 04:57 - 00557832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2015-03-11 23:51 - 2014-10-29 04:55 - 01133200 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-03-11 23:51 - 2014-10-29 04:55 - 01063432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2015-03-11 23:51 - 2014-10-29 04:55 - 00730824 _____ (Microsoft Corporation) C:\WINDOWS\system32\clbcatq.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00988544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00850656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00821696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00734448 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00634768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00580024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmdev.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00497936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00444728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2015-03-11 23:51 - 2014-10-29 04:52 - 00405456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-03-11 23:51 - 2014-10-29 04:18 - 01782912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2015-03-11 23:51 - 2014-10-29 04:18 - 01103768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2015-03-11 23:51 - 2014-10-29 04:18 - 00848568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2015-03-11 23:51 - 2014-10-29 04:18 - 00016504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psapi.dll
2015-03-11 23:51 - 2014-10-29 04:12 - 00616704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2015-03-11 23:51 - 2014-10-29 04:11 - 01037656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2015-03-11 23:51 - 2014-10-29 04:11 - 00914648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2015-03-11 23:51 - 2014-10-29 04:10 - 01287112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2015-03-11 23:51 - 2014-10-29 04:10 - 01178104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2015-03-11 23:51 - 2014-10-29 04:10 - 00492232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00857384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00705008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00700328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00584120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00551064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00482360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdrmdev.dll
2015-03-11 23:51 - 2014-10-29 04:07 - 00409040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-03-11 23:51 - 2014-10-29 04:05 - 00890128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drmv2clt.dll
2015-03-11 23:51 - 2014-10-29 03:56 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-03-11 23:51 - 2014-10-29 03:50 - 01192960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-03-11 23:51 - 2014-10-29 03:48 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2015-03-11 23:51 - 2014-10-29 03:48 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-03-11 23:51 - 2014-10-29 03:44 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-03-11 23:51 - 2014-10-29 03:43 - 00685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\riched20.dll
2015-03-11 23:51 - 2014-10-29 03:36 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlcese40.dll
2015-03-11 23:51 - 2014-10-29 03:33 - 07558144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
2015-03-11 23:51 - 2014-10-29 03:33 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlsrv32.dll
2015-03-11 23:51 - 2014-10-29 03:31 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlceqp40.dll
2015-03-11 23:51 - 2014-10-29 03:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70804.dll
2015-03-11 23:51 - 2014-10-29 03:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70404.dll
2015-03-11 23:51 - 2014-10-29 03:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7001E.dll
2015-03-11 23:51 - 2014-10-29 03:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
2015-03-11 23:51 - 2014-10-29 03:29 - 01246720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ogldrv.dll
2015-03-11 23:51 - 2014-10-29 03:29 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2015-03-11 23:51 - 2014-10-29 03:27 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx.dll
2015-03-11 23:51 - 2014-10-29 03:27 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsRasterService.dll
2015-03-11 23:51 - 2014-10-29 03:26 - 00771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2015-03-11 23:51 - 2014-10-29 03:18 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2015-03-11 23:51 - 2014-10-29 03:17 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-11 23:51 - 2014-10-29 03:11 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-03-11 23:51 - 2014-10-29 03:09 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2015-03-11 23:51 - 2014-10-29 03:08 - 00858624 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2015-03-11 23:51 - 2014-10-29 03:08 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2015-03-11 23:51 - 2014-10-29 03:08 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmnet.dll
2015-03-11 23:51 - 2014-10-29 03:07 - 06692352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2015-03-11 23:51 - 2014-10-29 03:07 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2015-03-11 23:51 - 2014-10-29 03:06 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2015-03-11 23:51 - 2014-10-29 03:04 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WavDest.dll
2015-03-11 23:51 - 2014-10-29 03:03 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-03-11 23:51 - 2014-10-29 03:03 - 00832000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2015-03-11 23:51 - 2014-10-29 03:00 - 00652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-03-11 23:51 - 2014-10-29 02:59 - 00670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2015-03-11 23:51 - 2014-10-29 02:59 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\riched20.dll
2015-03-11 23:51 - 2014-10-29 02:57 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2015-03-11 23:51 - 2014-10-29 02:56 - 01526784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pla.dll
2015-03-11 23:51 - 2014-10-29 02:56 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-03-11 23:51 - 2014-10-29 02:53 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-03-11 23:51 - 2014-10-29 02:53 - 01065984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2015-03-11 23:51 - 2014-10-29 02:53 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2015-03-11 23:51 - 2014-10-29 02:52 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-11 23:51 - 2014-10-29 02:50 - 01289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2015-03-11 23:51 - 2014-10-29 02:50 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlsrv32.dll
2015-03-11 23:51 - 2014-10-29 02:49 - 01358336 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2015-03-11 23:51 - 2014-10-29 02:49 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlceqp40.dll
2015-03-11 23:51 - 2014-10-29 02:48 - 01080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2015-03-11 23:51 - 2014-10-29 02:48 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2015-03-11 23:51 - 2014-10-29 02:48 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-03-11 23:51 - 2014-10-29 02:47 - 01096192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ogldrv.dll
2015-03-11 23:51 - 2014-10-29 02:47 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpssvcs.dll
2015-03-11 23:51 - 2014-10-29 02:46 - 01497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-03-11 23:51 - 2014-10-29 02:45 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-03-11 23:51 - 2014-10-29 02:45 - 00672768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2015-03-11 23:51 - 2014-10-29 02:45 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\blackbox.dll
2015-03-11 23:51 - 2014-10-29 02:43 - 01092608 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2015-03-11 23:51 - 2014-10-29 02:43 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2015-03-11 23:51 - 2014-10-29 02:42 - 03724800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2015-03-11 23:51 - 2014-10-29 02:42 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\PurchaseWindowsLicense.dll
2015-03-11 23:51 - 2014-10-29 02:40 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-03-11 23:51 - 2014-10-29 02:39 - 01571328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2015-03-11 23:51 - 2014-10-29 02:39 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2015-03-11 23:51 - 2014-10-29 02:37 - 01563136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2015-03-11 23:51 - 2014-10-29 02:37 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2015-03-11 23:51 - 2014-10-29 02:36 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2015-03-11 23:51 - 2014-10-29 02:36 - 01252864 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2015-03-11 23:51 - 2014-10-29 02:36 - 01008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-03-11 23:51 - 2014-10-29 02:36 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmsdk.dll
2015-03-11 23:51 - 2014-10-29 02:35 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2015-03-11 23:51 - 2014-10-29 02:34 - 01114624 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-03-11 23:51 - 2014-10-29 02:34 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2015-03-11 23:51 - 2014-10-29 02:33 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2015-03-11 23:51 - 2014-10-29 02:33 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2015-03-11 23:51 - 2014-10-29 02:32 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2015-03-11 23:51 - 2014-10-29 02:32 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-03-11 23:51 - 2014-10-29 02:32 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2015-03-11 23:51 - 2014-10-29 02:32 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdrmnet.dll
2015-03-11 23:51 - 2014-10-29 02:31 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-03-11 23:51 - 2014-10-29 02:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2015-03-11 23:51 - 2014-10-29 02:30 - 06465536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2015-03-11 23:51 - 2014-10-29 02:30 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-03-11 23:51 - 2014-10-29 02:29 - 00833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2015-03-11 23:51 - 2014-10-29 02:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-03-11 23:51 - 2014-10-29 02:26 - 00838656 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2015-03-11 23:51 - 2014-10-29 02:25 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-03-11 23:51 - 2014-10-29 02:25 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pla.dll
2015-03-11 23:51 - 2014-10-29 02:24 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-03-11 23:51 - 2014-10-29 02:24 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-03-11 23:51 - 2014-10-29 02:23 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-03-11 23:51 - 2014-10-29 02:21 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-03-11 23:51 - 2014-10-29 02:20 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-03-11 23:51 - 2014-10-29 02:19 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2015-03-11 23:51 - 2014-10-29 02:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2015-03-11 23:51 - 2014-10-29 02:18 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2015-03-11 23:51 - 2014-10-29 02:18 - 00967680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2015-03-11 23:51 - 2014-10-29 02:17 - 01402368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2015-03-11 23:51 - 2014-10-29 02:17 - 00829952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2015-03-11 23:51 - 2014-10-29 02:16 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-03-11 23:51 - 2014-10-29 02:14 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2015-03-11 23:51 - 2014-10-29 02:14 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-03-11 23:51 - 2014-10-29 02:14 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-03-11 23:51 - 2014-10-29 02:14 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-03-11 23:51 - 2014-10-29 02:12 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-03-11 23:51 - 2014-10-29 02:12 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2015-03-11 23:51 - 2014-10-29 02:12 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2015-03-11 23:51 - 2014-10-29 02:12 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-03-11 23:51 - 2014-10-29 02:12 - 00516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2015-03-11 23:51 - 2014-10-29 02:11 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2015-03-11 23:51 - 2014-10-29 02:10 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-03-11 23:51 - 2014-10-29 02:10 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdrmsdk.dll
2015-03-11 23:51 - 2014-10-29 02:09 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2015-03-11 23:51 - 2014-10-29 02:09 - 00873984 _____ (Microsoft Corporation) C:\WINDOWS\system32\provcore.dll
2015-03-11 23:51 - 2014-10-29 02:09 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2015-03-11 23:51 - 2014-10-29 02:09 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-03-11 23:51 - 2014-10-29 02:09 - 00658944 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-03-11 23:51 - 2014-10-29 02:09 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-03-11 23:51 - 2014-10-29 02:08 - 01478144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2015-03-11 23:51 - 2014-10-29 02:08 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2015-03-11 23:51 - 2014-10-29 02:07 - 01396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2015-03-11 23:51 - 2014-10-29 02:07 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2015-03-11 23:51 - 2014-10-29 02:07 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2015-03-11 23:51 - 2014-10-29 02:07 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-03-11 23:51 - 2014-10-29 02:07 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-03-11 23:51 - 2014-10-29 02:07 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-03-11 23:51 - 2014-10-29 02:06 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2015-03-11 23:51 - 2014-10-29 02:06 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-03-11 23:51 - 2014-10-29 02:06 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-03-11 23:51 - 2014-10-29 02:05 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-03-11 23:51 - 2014-10-29 02:04 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-03-11 23:51 - 2014-10-29 02:04 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2015-03-11 23:51 - 2014-10-29 02:03 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-03-11 23:51 - 2014-10-29 02:03 - 00740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2015-03-11 23:51 - 2014-10-29 02:02 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-03-11 23:51 - 2014-10-29 02:02 - 00695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2015-03-11 23:51 - 2014-10-29 02:01 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2015-03-11 23:51 - 2014-10-29 02:01 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\perftrack.dll
2015-03-11 23:51 - 2014-10-29 02:01 - 00843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-03-11 23:51 - 2014-10-29 02:00 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-03-11 23:51 - 2014-10-29 02:00 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2015-03-11 23:51 - 2014-10-29 01:59 - 01636864 _____ (Microsoft Corporation) C:\WINDOWS\system32\RacEngn.dll
2015-03-11 23:51 - 2014-10-29 01:59 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-03-11 23:51 - 2014-10-29 01:59 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-03-11 23:51 - 2014-10-29 01:59 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-03-11 23:51 - 2014-10-29 01:59 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2015-03-11 23:51 - 2014-10-29 01:59 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-03-11 23:51 - 2014-10-29 01:59 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2015-03-11 23:51 - 2014-10-29 01:58 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-03-11 23:51 - 2014-10-29 01:56 - 01248256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2015-03-11 23:51 - 2014-10-29 01:56 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2015-03-11 23:51 - 2014-10-29 01:56 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-03-11 23:51 - 2014-10-29 01:56 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-03-11 23:51 - 2014-10-29 01:56 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-03-11 23:51 - 2014-10-29 01:55 - 00719360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceApi.dll
2015-03-11 23:51 - 2014-10-29 01:54 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-03-11 23:51 - 2014-10-29 01:54 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2015-03-11 23:51 - 2014-10-29 01:53 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2015-03-11 23:51 - 2014-10-29 01:52 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-03-11 23:51 - 2014-10-29 01:52 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-03-11 23:51 - 2014-10-29 01:52 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2015-03-11 23:51 - 2014-10-29 01:52 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2015-03-11 23:51 - 2014-10-29 01:52 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2015-03-11 23:51 - 2014-10-29 01:52 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-03-11 23:51 - 2014-10-29 01:51 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-03-11 23:51 - 2014-10-29 01:51 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2015-03-11 23:51 - 2014-10-29 01:50 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-03-11 23:51 - 2014-10-29 01:48 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-03-11 23:51 - 2014-10-29 01:48 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-03-11 23:51 - 2014-10-29 01:48 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-03-11 23:51 - 2014-10-29 01:48 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2015-03-11 23:51 - 2014-10-29 01:47 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2015-03-11 23:51 - 2014-10-29 01:47 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2015-03-11 23:51 - 2014-10-29 01:46 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RacEngn.dll
2015-03-11 23:51 - 2014-10-29 01:46 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-03-11 23:51 - 2014-10-29 01:45 - 00918016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2015-03-11 23:51 - 2014-10-29 01:45 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-03-11 23:51 - 2014-10-29 01:45 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2015-03-11 23:51 - 2014-10-29 01:45 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceApi.dll
2015-03-11 23:51 - 2014-10-29 01:45 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-03-11 23:51 - 2014-10-29 01:43 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2015-03-11 23:51 - 2014-10-29 01:42 - 01207808 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2015-03-11 23:51 - 2014-10-29 01:42 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2015-03-11 23:51 - 2014-10-29 01:42 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2015-03-11 23:51 - 2014-10-29 01:42 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll