Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   vor 1 Woche Trojaner mit "UPS-Mail" eingefangen, nun wieder Spam-Mails über meine Accounts... (https://www.trojaner-board.de/165352-1-woche-trojaner-ups-mail-eingefangen-spam-mails-accounts.html)

Tapoka 20.03.2015 21:15
vor 1 Woche Trojaner mit "UPS-Mail" eingefangen, nun wieder Spam-Mails über meine Accounts...
 
Guten Abend,
vorweg: ich bin ein _wirklich_ dummer unerfahrener User....ich war mir nicht sicher, ob das Problem überhaupt an meinem Recner nun liegt: vor ca einer Woche hab ich mir mit so einem "Paketnummer-UPS"-Mail 2 Trojaner eingefangen, die ich mit der Revo Uninstaller geglaubt hab los zu sein. Nun hat mir mein Provider (allinkl) heute einen Email-Acccount gesperrt, weil da drüber Spam-Mails en masse gehen. Ich denk mir da ist vielleicht noch einiges übriggeblieben?
Ich habe
1. auf Anraten einer Freundin mir Malwarebytes geholt, im Anschluss die Logs
-dann die Seiten hier gefunden - dann
2. defogger
3.FRST
4.GMer laufen lassen.

Könnt Ihr Euch das bitte ansehen? Was soll ich weiterhin machen?
Vielen Dank aus Wien
Susanne

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.20.04
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Susi :: SUSI_LAPTOP [administrator]

20.03.2015 16:41:00
mbar-log-2015-03-20 (16-41-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 396499
Time elapsed: 54 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\1887373585 (Rogue.Multiple) -> Delete on reboot. [1da7b79096f40b2bb7348cd64ab9ae52]

Files Detected: 1
C:\Windows\System32\drivers\{55318141-dabf-4786-b4b2-f50790587c26}Gw64.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [48dd48f90b556e51e308c1094f881357]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.20.06
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Susi :: SUSI_LAPTOP [administrator]

20.03.2015 19:55:27
mbar-log-2015-03-20 (19-55-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 396263
Time elapsed: 18 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

********defogger*********
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:33 on 20/03/2015 (Susi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

**********FRST**********
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Susi (administrator) on SUSI_LAPTOP on 20-03-2015 20:35:51
Running from C:\Users\Susi\Downloads
Loaded Profiles: Susi (Available profiles: Susi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
() C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Dropbox, Inc.) C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-08-29] (Broadcom Corporation)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-08-31] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-10-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-08-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-29] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [183168 2012-04-02] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [Amazon Music] => C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-04] ()
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {2f4193e4-30eb-11e4-b280-0c84dcd7bd0d} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {45a8ee83-2f3b-11e4-b247-001e101f79c9} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {803d4795-327a-11e4-9402-001e101f8ed0} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {803d47d5-327a-11e4-9402-001e101f8ed0} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {958a5dfc-2e05-11e4-8903-0c84dcd7bd0d} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {958a5e0e-2e05-11e4-8903-0c84dcd7bd0d} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {d3395f86-30f9-11e4-9fcb-806e6f6e6963} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {d3395ffe-30f9-11e4-9fcb-028037ec0200} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {f35f41bb-fc58-11e2-8f00-806e6f6e6963} - Al-Kitaab Part 1.exe
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\MountPoints2: {ffe2eaa3-2d45-11e4-982d-0c84dcd7bd0d} - D:\.\Setup.exe AUTORUN=1
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mobil.derstandard.at/
hxxp://www.zuckertante.at/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: TicTaCouepon -> {066ff30c-e431-4c70-9998-c94b7b431752} -> C:\Program Files (x86)\TicTaCouepon\AA1SHzgYYdKN1L.x64.dll No File
BHO-x32: TicTaCouepon -> {066ff30c-e431-4c70-9998-c94b7b431752} -> C:\Program Files (x86)\TicTaCouepon\AA1SHzgYYdKN1L.dll No File
Toolbar: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-02-11] (Nuance Communications Inc.)
FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.)
FF Plugin HKU\S-1-5-21-3640161593-1920862833-3677333132-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Susi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\user.js [2015-01-03]
FF Extension: FinEDealSoft - C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\Kt55@cf7.com [2015-01-25]
FF Extension: WowaCoupon - C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\m4Pi@aZru.net [2015-01-25]
FF Extension: cOupoenpeak - C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\Z4@g3HPP.net [2015-02-12]
FF Extension: Evernote Web Clipper - C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-31]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03]
FF HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-12-05] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-28] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-08-29] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
S2 Update ace race; "C:\Program Files (x86)\ace race\updateacerace.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-10-24] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2014-08-28] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2014-09-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2014-09-02] (Huawei Technologies Co., Ltd.)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2014-09-02] (Huawei Technologies Co., Ltd.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S1 {55318141-dabf-4786-b4b2-f50790587c26}Gw64; system32\drivers\{55318141-dabf-4786-b4b2-f50790587c26}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 20:35 - 2015-03-20 20:36 - 00035451 _____ () C:\Users\Susi\Downloads\FRST.txt
2015-03-20 20:35 - 2015-03-20 20:35 - 02095616 _____ (Farbar) C:\Users\Susi\Downloads\FRST64.exe
2015-03-20 20:35 - 2015-03-20 20:35 - 00000000 ____D () C:\FRST
2015-03-20 20:33 - 2015-03-20 20:33 - 00050477 _____ () C:\Users\Susi\Downloads\Defogger.exe
2015-03-20 20:33 - 2015-03-20 20:33 - 00000470 _____ () C:\Users\Susi\Desktop\defogger_disable.log
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 _____ () C:\Users\Susi\defogger_reenable
2015-03-20 19:49 - 2015-03-20 19:49 - 00007605 _____ () C:\Users\Susi\AppData\Local\Resmon.ResmonCfg
2015-03-20 16:40 - 2015-03-20 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 16:40 - 2015-03-20 19:55 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 16:40 - 2015-03-20 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 16:39 - 2015-03-20 20:28 - 00000000 ____D () C:\Users\Susi\Desktop\mbar
2015-03-20 16:39 - 2015-03-20 19:54 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-20 16:38 - 2015-03-20 16:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Susi\Downloads\mbar-1.09.1.1004.exe
2015-03-07 11:02 - 2015-03-07 11:02 - 00000000 ____D () C:\ProgramData\7ea562880000266e
2015-02-25 19:52 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 19:52 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-24 22:11 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-24 22:11 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-24 22:00 - 2015-02-24 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-24 21:58 - 2015-02-24 21:58 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-02-24 21:58 - 2015-02-24 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-24 21:58 - 2015-02-24 21:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-21 06:23 - 2015-02-21 06:23 - 00001130 _____ () C:\Users\Susi\Desktop\arriba.lnk
2015-02-21 06:10 - 2015-02-21 06:10 - 00000000 ____D () C:\ProgramData\Sun
2015-02-21 06:10 - 2015-02-21 06:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-21 06:10 - 2015-02-21 06:09 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-21 06:09 - 2015-02-21 06:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-21 06:09 - 2015-02-21 06:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-21 06:00 - 2015-02-21 06:01 - 11353082 _____ (GPZK Gesellschaft für Patientenzentrierte Kommunikation mbH) C:\Users\Susi\Downloads\arriba.exe
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-18 15:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-18 15:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-18 15:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-18 15:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 20:33 - 2013-08-29 08:12 - 00000000 ____D () C:\Users\Susi
2015-03-20 20:07 - 2014-05-18 14:45 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 19:57 - 2015-01-03 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-20 19:53 - 2015-01-03 08:53 - 00000288 _____ () C:\windows\Tasks\WSE_Vosteran.job
2015-03-20 19:50 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 19:50 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 19:49 - 2013-08-03 17:29 - 01950826 _____ () C:\windows\WindowsUpdate.log
2015-03-20 19:44 - 2013-09-15 12:17 - 00000000 ___RD () C:\Users\Susi\Dropbox
2015-03-20 19:44 - 2013-09-15 12:15 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Dropbox
2015-03-20 19:42 - 2014-08-27 16:36 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-03-20 19:41 - 2013-04-14 00:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-20 19:41 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-20 19:40 - 2015-01-04 11:00 - 00032768 _____ () C:\windows\system32\persistent_q.db-shm
2015-03-20 19:40 - 2015-01-04 11:00 - 00028328 _____ () C:\windows\system32\persistent_q.db-wal
2015-03-20 19:40 - 2015-01-04 11:00 - 00005120 _____ () C:\windows\system32\persistent_q.db
2015-03-20 19:40 - 2013-08-03 18:23 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-03-20 19:40 - 2010-11-21 04:47 - 00188910 _____ () C:\windows\PFRO.log
2015-03-20 19:40 - 2009-07-14 05:51 - 00117119 _____ () C:\windows\setupact.log
2015-03-20 17:38 - 2013-08-31 18:23 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-20 16:11 - 2013-08-29 08:16 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C5309636-0E07-4CB6-B1B0-D0A190B7B579}
2015-03-18 20:05 - 2013-09-07 15:23 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSusi
2015-03-18 20:05 - 2013-09-07 15:23 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForSusi.job
2015-03-18 19:42 - 2013-09-03 09:44 - 00000000 ____D () C:\temp
2015-03-18 19:40 - 2011-07-29 00:51 - 00000000 ____D () C:\swsetup
2015-03-18 19:35 - 2014-07-12 06:43 - 00000573 _____ () C:\Users\Susi\Desktop\Fernwartung starten.lnk
2015-03-18 19:35 - 2013-09-03 09:44 - 00000605 _____ () C:\Users\Susi\Desktop\Indexdateien löschen.lnk
2015-03-18 19:23 - 2013-09-15 12:17 - 00001017 _____ () C:\Users\Susi\Desktop\Dropbox.lnk
2015-03-18 19:23 - 2013-09-15 12:15 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 18:59 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-18 18:55 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-07 10:53 - 2015-02-12 18:40 - 00000000 ____D () C:\ProgramData\13544121294761806647
2015-03-07 10:33 - 2015-02-15 13:34 - 00000000 ____D () C:\ProgramData\3511ea3e0000251b
2015-03-01 08:42 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-26 20:03 - 2013-08-31 18:10 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Apple Computer
2015-02-24 22:10 - 2013-08-31 18:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-24 22:07 - 2013-09-03 08:47 - 00000000 ____D () C:\Daten
2015-02-24 21:21 - 2013-08-29 08:16 - 00000000 ____D () C:\Users\Susi\AppData\Local\PDFC
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-22 18:47 - 2014-02-08 20:05 - 00000000 ____D () C:\Users\Susi\Documents\Diabetes
2015-02-21 06:40 - 2014-03-07 07:45 - 00077312 _____ () C:\Users\Susi\Desktop\1BE-KH_Schätzhilfe.xls
2015-02-18 15:32 - 2014-02-05 18:15 - 00000000 ____D () C:\Program Files (x86)\mylife DIABASS

==================== Files in the root of some directories =======

2014-08-20 17:11 - 2014-08-20 18:30 - 0000636 _____ () C:\Users\Susi\AppData\Roaming\CMLS15.tst.txt
2013-11-09 14:10 - 2013-11-16 11:45 - 0001679 _____ () C:\Users\Susi\AppData\Roaming\SAS7_000.DAT
2015-01-03 10:31 - 2015-01-03 10:31 - 0000044 _____ () C:\Users\Susi\AppData\Roaming\WB.CFG
2015-03-20 19:49 - 2015-03-20 19:49 - 0007605 _____ () C:\Users\Susi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Susi\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Susi\AppData\Local\Temp\CloudBackup1218.exe
C:\Users\Susi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr2sry2.dll
C:\Users\Susi\AppData\Local\Temp\Extract.exe
C:\Users\Susi\AppData\Local\Temp\history.dll
C:\Users\Susi\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Susi\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Susi\AppData\Local\Temp\mfc80.dll
C:\Users\Susi\AppData\Local\Temp\mfc80u.dll
C:\Users\Susi\AppData\Local\Temp\mfcm80.dll
C:\Users\Susi\AppData\Local\Temp\mfcm80u.dll
C:\Users\Susi\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Susi\AppData\Local\Temp\msvcm80.dll
C:\Users\Susi\AppData\Local\Temp\msvcp80.dll
C:\Users\Susi\AppData\Local\Temp\msvcr80.dll
C:\Users\Susi\AppData\Local\Temp\omnipod.dll
C:\Users\Susi\AppData\Local\Temp\optprosetup.exe
C:\Users\Susi\AppData\Local\Temp\OSU.exe
C:\Users\Susi\AppData\Local\Temp\Resource.exe
C:\Users\Susi\AppData\Local\Temp\setup_pl303.exe
C:\Users\Susi\AppData\Local\Temp\SP56729.exe
C:\Users\Susi\AppData\Local\Temp\SP57837.exe
C:\Users\Susi\AppData\Local\Temp\SP57918.exe
C:\Users\Susi\AppData\Local\Temp\SP58268.exe
C:\Users\Susi\AppData\Local\Temp\SP58322.exe
C:\Users\Susi\AppData\Local\Temp\sp58915.exe
C:\Users\Susi\AppData\Local\Temp\SP59033.exe
C:\Users\Susi\AppData\Local\Temp\SP59257.exe
C:\Users\Susi\AppData\Local\Temp\SP59282.exe
C:\Users\Susi\AppData\Local\Temp\SP59285.exe
C:\Users\Susi\AppData\Local\Temp\SP59624.exe
C:\Users\Susi\AppData\Local\Temp\SP60317.exe
C:\Users\Susi\AppData\Local\Temp\SP60504.exe
C:\Users\Susi\AppData\Local\Temp\SP60686.exe
C:\Users\Susi\AppData\Local\Temp\SP60775.exe
C:\Users\Susi\AppData\Local\Temp\SP60832.exe
C:\Users\Susi\AppData\Local\Temp\SP61040.exe
C:\Users\Susi\AppData\Local\Temp\SP61294.exe
C:\Users\Susi\AppData\Local\Temp\SP61422.exe
C:\Users\Susi\AppData\Local\Temp\SP61441.exe
C:\Users\Susi\AppData\Local\Temp\SP61617.exe
C:\Users\Susi\AppData\Local\Temp\SP61822.exe
C:\Users\Susi\AppData\Local\Temp\SP62039.exe
C:\Users\Susi\AppData\Local\Temp\SP62339.exe
C:\Users\Susi\AppData\Local\Temp\SP62370.exe
C:\Users\Susi\AppData\Local\Temp\SP62449.exe
C:\Users\Susi\AppData\Local\Temp\SP62737.exe
C:\Users\Susi\AppData\Local\Temp\SP62783.exe
C:\Users\Susi\AppData\Local\Temp\SP62905.exe
C:\Users\Susi\AppData\Local\Temp\SP62916.exe
C:\Users\Susi\AppData\Local\Temp\SP62981.exe
C:\Users\Susi\AppData\Local\Temp\SP63337.exe
C:\Users\Susi\AppData\Local\Temp\SP63565.exe
C:\Users\Susi\AppData\Local\Temp\SP63661.exe
C:\Users\Susi\AppData\Local\Temp\SP63709.exe
C:\Users\Susi\AppData\Local\Temp\SP63779.exe
C:\Users\Susi\AppData\Local\Temp\SP63854.exe
C:\Users\Susi\AppData\Local\Temp\SP63944.exe
C:\Users\Susi\AppData\Local\Temp\SP63998.exe
C:\Users\Susi\AppData\Local\Temp\sp64126.exe
C:\Users\Susi\AppData\Local\Temp\SP64284.exe
C:\Users\Susi\AppData\Local\Temp\SP64316.exe
C:\Users\Susi\AppData\Local\Temp\SP65266.exe
C:\Users\Susi\AppData\Local\Temp\SP65270.exe
C:\Users\Susi\AppData\Local\Temp\SP65563.exe
C:\Users\Susi\AppData\Local\Temp\SP65581.exe
C:\Users\Susi\AppData\Local\Temp\SP65628.exe
C:\Users\Susi\AppData\Local\Temp\SP65953.exe
C:\Users\Susi\AppData\Local\Temp\SP66111.exe
C:\Users\Susi\AppData\Local\Temp\SP66402.exe
C:\Users\Susi\AppData\Local\Temp\SP66445.exe
C:\Users\Susi\AppData\Local\Temp\SP66487.exe
C:\Users\Susi\AppData\Local\Temp\SP66531.exe
C:\Users\Susi\AppData\Local\Temp\SP66584.exe
C:\Users\Susi\AppData\Local\Temp\SP67464.exe
C:\Users\Susi\AppData\Local\Temp\SP68380.exe
C:\Users\Susi\AppData\Local\Temp\SP68562.exe
C:\Users\Susi\AppData\Local\Temp\SP70478.exe
C:\Users\Susi\AppData\Local\Temp\Uninstaller.exe
C:\Users\Susi\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Susi\AppData\Local\Temp\VersionUpdater.exe
C:\Users\Susi\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Susi\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Susi\AppData\Local\Temp\WtgZip.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 23:44

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Susi at 2015-03-20 20:36:36
Running from C:\Users\Susi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Music (HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Benutzerhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Useg) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CodeTwo Sync for iCloud (HKLM-x32\...\{0D8DF5B9-96A7-47B3-9D9C-49F044DB603C}) (Version: 1.3.2.2 - CodeTwo)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Embedded Security for HP ProtectTools (HKLM\...\{43BE25B8-E69F-42CF-9414-7DDCF891629B}) (Version: 7.0.000.2882 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C65D5947-5FAF-499E-859F-75C3852D84B0}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP GPS and Location (HKLM-x32\...\{23A7D0B7-51CF-4986-8248-2ACE6629A00C}) (Version: 1.2.9.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 7.2.8.1 - Ericsson AB)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
mylife DIABASS (HKLM-x32\...\mylife DIABASS) (Version: 0 (Build 12.6.0.1) - mediaspects GmbH)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDF24 Creator 6.9.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scrivener (HKLM-x32\...\Scrivener 1720) (Version: 1720 - Literature and Latte)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
SiDiary 6 (HKLM-x32\...\{73C96D3B-F9D2-4A0C-81F7-FBED6C75CE77}) (Version: 6.0 - SINOVO Ltd. & Co. KG)
Silhouette Studio (HKLM-x32\...\{6FC20A5B-2B6A-4867-B1CF-F5201DC4D935}) (Version: 2.7.18 - Aspex Research & Technology)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.1.02 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company) Hidden
Unity Web Player (HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-02-2015 15:26:31 Windows Update
19-02-2015 09:08:35 Windows Update
24-02-2015 20:39:12 Windows Update
24-02-2015 22:10:52 Windows Update
01-03-2015 08:25:51 Windows Update
04-03-2015 17:00:17 Windows Update
07-03-2015 10:58:54 Revo Uninstaller's restore point - TicTaCouepon
07-03-2015 11:02:03 Revo Uninstaller's restore point - IncrementMonitor
07-03-2015 11:50:47 Revo Uninstaller's restore point - CopyTrans Control Center deinstallieren
18-03-2015 19:30:56 HPSF Applying updates
20-03-2015 15:56:53 Windows Update
20-03-2015 16:05:33 Revo Uninstaller's restore point - Silhouette Studio
20-03-2015 19:38:00 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12826EC9-352E-45E7-88D2-5AD01F163A12} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {29CE849C-595F-4284-94FD-EC44B806321C} - System32\Tasks\{D276A26F-B643-41D6-994E-DB94B3502D18} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {33083DD4-6FC6-4538-AEBC-7756B83496AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {37F7AF05-76AB-4C14-9989-153B229246E9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3FA36A2A-B3E8-4D68-AA6F-2C1F2ABAA3DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43866705-97B9-44D8-BF97-D75210AB1E7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4C56A4E5-0442-454E-BA64-A83AA9ACBC8B} - System32\Tasks\{246FE5D8-529F-40CE-A7EC-74BFC338B0D4} => pcalua.exe -a C:\Users\Susi\APPDATA\LOCAL\TEMP\wzdd73\CopyTransDriversInstaller.exe -d C:\Users\Susi\Downloads
Task: {5306E38A-54AF-4CF8-BF4D-FDA7A5EAF47D} - System32\Tasks\WSE_Vosteran => C:\Users\Susi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {98386ED5-8D7D-4CB5-9359-3F43E5317EC9} - System32\Tasks\{B45715CC-1EBE-4F03-83CB-1A19020900A1} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {9F2496F2-C382-4B88-BD18-46FCE4F7D5D4} - System32\Tasks\{6AC74502-C1F1-42DB-9A0C-DCDC7D5B7BE8} => pcalua.exe -a D:\.\Setup.exe -d D:\ -c AUTORUN=1
Task: {AF728C8C-90FB-4777-83F1-20B32651DC18} - System32\Tasks\{5A4526D0-BFBE-43B2-8DA7-C4E9B5C6CBC6} => pcalua.exe -a C:\Users\Susi\APPDATA\LOCAL\TEMP\wzc226\CopyTransDriversInstaller.exe -d C:\Users\Susi\Downloads
Task: {B0B73BA8-C582-4BB3-8865-0AF71955BEB5} - System32\Tasks\{8CCF74E3-7A81-4B2C-830E-BEB2A58C4EA1} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {B38296E9-7C4F-4983-9AAF-4B573B634BA3} - System32\Tasks\{F616B885-2DA5-4955-9435-58F6194AFF6D} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {B489FBE9-56E8-4916-AAA6-E557E0966E50} - System32\Tasks\{DD31270D-B119-4FDB-94DC-9E8E382CFBCA} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {BD35759C-4C92-4A48-9933-E84E99E7D0CB} - System32\Tasks\Amazon Music Helper => C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-06-04] ()
Task: {DF0B53D9-2679-4DC3-AA5F-0DB16BC06A60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F0FA7554-E67A-48B6-930D-7BCA293EE9AB} - System32\Tasks\HPCeeScheduleForSusi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForSusi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Susi\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2012-01-17 15:57 - 2012-01-17 15:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 11:11 - 2013-03-27 11:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 10:03 - 2011-10-12 10:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 21:18 - 2010-09-06 21:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2014-09-02 09:29 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-27 10:28 - 2013-03-27 10:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2014-06-15 17:32 - 2014-06-04 23:18 - 03162944 _____ () C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-09-02 09:29 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2012-02-10 22:26 - 2012-02-10 22:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-08-29 16:40 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-19 18:39 - 2013-08-07 04:16 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-02-19 18:39 - 2013-03-06 04:04 - 01353688 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2014-02-19 18:39 - 2013-08-07 04:16 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2014-02-19 18:39 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-20 19:43 - 2015-03-20 19:43 - 00043008 _____ () c:\users\susi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr2sry2.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-06-17 17:10 - 2014-06-17 17:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-06-17 17:10 - 2014-06-17 17:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 19:18 - 2011-05-26 19:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-10-17 08:07 - 2014-10-17 08:07 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d8090ffb538a2803336e702091cd0bdd\IsdiInterop.ni.dll
2013-04-14 00:05 - 2013-08-31 20:31 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2013-08-03 17:57 - 2013-10-28 22:40 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\Susi\Desktop\wie sorutzen.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Susi\Desktop\~WRL3030.tmp:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3640161593-1920862833-3677333132-500 - Administrator - Disabled)
Gast (S-1-5-21-3640161593-1920862833-3677333132-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3640161593-1920862833-3677333132-1003 - Limited - Enabled)
Susi (S-1-5-21-3640161593-1920862833-3677333132-1001 - Administrator - Enabled) => C:\Users\Susi

==================== Faulty Device Manager Devices =============

Name: {55318141-dabf-4786-b4b2-f50790587c26}Gw64
Description: {55318141-dabf-4786-b4b2-f50790587c26}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {55318141-dabf-4786-b4b2-f50790587c26}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 07:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:34:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6496443

Error: (03/20/2015 07:34:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6496443

Error: (03/20/2015 07:34:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/20/2015 07:34:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6495445

Error: (03/20/2015 07:34:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6495445

Error: (03/20/2015 07:34:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/20/2015 07:34:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6494431

Error: (03/20/2015 07:34:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6494431

Error: (03/20/2015 07:34:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/20/2015 07:42:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/20/2015 07:42:01 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0

Error: (03/20/2015 07:42:01 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/20/2015 07:41:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
{55318141-dabf-4786-b4b2-f50790587c26}Gw64

Error: (03/20/2015 07:41:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ace race" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/20/2015 07:38:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (03/20/2015 07:34:54 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/20/2015 03:46:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/20/2015 03:45:58 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0

Error: (03/20/2015 03:45:58 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (01/12/2015 07:59:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 179 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/15/2014 03:42:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-02-18 15:48:54.497
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-18 15:48:54.497
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-18 15:44:28.204
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-18 15:44:28.142
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 3975.55 MB
Available physical RAM: 1311.28 MB
Total Pagefile: 7949.29 MB
Available Pagefile: 4167.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.73 GB) (Free:328.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive f: (Al-Kitaab Part 1) (CDROM) (Total:1.89 GB) (Free:0 GB) CDFS
Drive g: (HP_RECOVERY) (Fixed) (Total:19.74 GB) (Free:3.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50318F85)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
--- --- ---
********GMER***********
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-20 20:53:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HGST_HTS rev.GH2O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Susi\AppData\Local\Temp\pwliypod.sys


---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c84dcd7bd0d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c84dcd7bd0d (not active ControlSet)

---- EOF - GMER 2.1 ----
--- --- ---

M-K-D-B 20.03.2015 21:43
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zukünftig bitte beachten:
Zitat:
Running from C:\Users\Susi\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tapoka 21.03.2015 06:04
Danke, Matthias!
Combofix.txt:
Code:
ComboFix 15-03-14.03 - Susi 21.03.2015  0:38.3.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.43.1031.18.3976.2418 [GMT 1:00]
ausgeführt von:: c:\users\Susi\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Total Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Total Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-02-20 bis 2015-03-20  ))))))))))))))))))))))))))))))
.
.
2015-03-20 23:50 . 2015-03-20 23:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-03-20 23:35 . 2015-03-20 23:35        --------        d-----w-        c:\programdata\HPQLOG
2015-03-20 19:35 . 2015-03-20 19:37        --------        d-----w-        C:\FRST
2015-03-20 18:57 . 2015-03-20 22:42        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5870A188-8CD6-4D39-B89D-DD61E641518B}\offreg.dll
2015-03-20 15:40 . 2015-03-20 15:40        --------        d-----w-        c:\programdata\Malwarebytes
2015-03-20 15:40 . 2015-03-20 19:46        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-20 15:40 . 2015-03-20 18:55        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-20 15:39 . 2015-03-20 20:06        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-03-20 15:10 . 2015-02-03 03:30        1202176        ----a-w-        c:\windows\system32\drmv2clt.dll
2015-03-20 15:08 . 2015-02-03 03:31        215552        ----a-w-        c:\windows\system32\ubpm.dll
2015-03-20 15:07 . 2015-01-17 02:48        1067520        ----a-w-        c:\windows\system32\msctf.dll
2015-03-20 15:07 . 2015-01-17 02:30        828928        ----a-w-        c:\windows\SysWow64\msctf.dll
2015-03-20 15:07 . 2015-02-03 03:31        1424896        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-03-20 15:07 . 2015-02-03 03:12        1230848        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2015-03-20 15:06 . 2015-02-26 03:25        3204096        ----a-w-        c:\windows\system32\win32k.sys
2015-03-20 15:05 . 2015-02-04 03:16        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2015-03-20 15:05 . 2015-02-04 02:54        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2015-03-20 14:57 . 2015-01-29 09:07        11910896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5870A188-8CD6-4D39-B89D-DD61E641518B}\mpengine.dll
2015-03-07 10:02 . 2015-03-07 10:02        --------        d-----w-        c:\programdata\7ea562880000266e
2015-02-25 18:52 . 2015-01-09 03:14        91136        ----a-w-        c:\windows\system32\wdi.dll
2015-02-25 18:52 . 2015-01-09 03:14        950272        ----a-w-        c:\windows\system32\perftrack.dll
2015-02-25 18:52 . 2015-01-09 03:14        29696        ----a-w-        c:\windows\system32\powertracker.dll
2015-02-25 18:52 . 2015-01-09 02:48        76800        ----a-w-        c:\windows\SysWow64\wdi.dll
2015-02-24 21:10 . 2015-02-24 21:10        --------        d-----w-        c:\program files\iTunes
2015-02-24 21:10 . 2015-02-24 21:10        --------        d-----w-        c:\program files\iPod
2015-02-24 21:10 . 2015-02-24 21:10        --------        d-----w-        c:\program files (x86)\iTunes
2015-02-24 21:10 . 2015-02-24 21:10        --------        d-----w-        c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 20:58 . 2015-02-24 20:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-02-24 20:58 . 2015-02-24 20:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-02-24 20:58 . 2015-02-24 20:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-02-24 20:58 . 2015-02-24 20:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-02-24 20:58 . 2015-02-24 20:58        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-02-24 20:58 . 2015-02-24 20:58        --------        d-----w-        c:\program files (x86)\QuickTime
2015-02-21 05:10 . 2015-02-21 05:10        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-02-21 05:10 . 2015-02-21 05:09        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-21 05:09 . 2015-02-21 05:11        --------        d-----w-        c:\programdata\Oracle
2015-02-21 05:09 . 2015-02-21 05:09        --------        d-----w-        c:\program files (x86)\Java
2015-02-20 19:31 . 2015-02-20 19:31        --------        d-----w-        c:\program files\Microsoft Silverlight
2015-02-20 19:31 . 2015-02-20 19:31        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-18 17:59 . 2014-08-20 17:04        819896        ----a-w-        c:\windows\system32\drivers\klif.sys
2015-02-24 03:17 . 2010-11-21 03:27        295552        ------w-        c:\windows\system32\MpSigStub.exe
2015-02-17 15:04 . 2015-02-17 15:04        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-02-05 16:07 . 2013-04-13 23:38        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:07 . 2013-04-13 23:38        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16 . 2015-02-11 16:42        609280        ----a-w-        c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 16:42        762368        ----a-w-        c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 16:42        414720        ----a-w-        c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 16:42        894976        ----a-w-        c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 16:42        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 16:42        192000        ----a-w-        c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 16:42        1098752        ----a-w-        c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 16:42        1239720        ----a-w-        c:\windows\system32\aitstatic.exe
2015-01-03 15:15 . 2014-08-13 18:34        77512        ----a-w-        c:\windows\system32\drivers\klwtp.sys
2015-01-03 15:15 . 2014-08-18 13:43        150536        ----a-w-        c:\windows\system32\drivers\klflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2015-01-03 15:15        552232        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-12 2068856]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2013-08-07 1713416]
"Amazon Music"="c:\users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-06-04 3162944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-31 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-29 292088]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2012-10-24 139792]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2012-10-24 168464]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2012-04-02 183168]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-08-07 12313720]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-01-26 1127800]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-12 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2013-08-05 111576]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2013-08-07 490760]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2014-02-10 336672]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2013-07-18 683656]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2014-04-09 185144]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-12 193568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-6-17 1109344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-3-6 1396440]
Launcher.lnk - c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2014-9-2 510920]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-11-19 17:12        75648        ----a-w-        c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 {55318141-dabf-4786-b4b2-f50790587c26}Gw64;{55318141-dabf-4786-b4b2-f50790587c26}Gw64;c:\windows\system32\drivers\{55318141-dabf-4786-b4b2-f50790587c26}Gw64.sys;c:\windows\SYSNATIVE\drivers\{55318141-dabf-4786-b4b2-f50790587c26}Gw64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update ace race;Update ace race;c:\program files (x86)\ace race\updateacerace.exe;c:\program files (x86)\ace race\updateacerace.exe [x]
R3 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys;c:\windows\SYSNATIVE\drivers\psd.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 clwvd;CyberLink Webcam Sharing Manager;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\h36wgps64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;HP  Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;HP  Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 16:07]
.
2015-03-18 c:\windows\Tasks\HPCeeScheduleForSusi.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2015-01-03 15:15        726312        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-08-29 8641536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-31 1425408]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll
TCP: Interfaces\{FB101878-B1CF-44C2-8241-D38CB969618F}: DhcpNameServer = 192.168.0.254
TCP: Interfaces\{FB101878-B1CF-44C2-8241-D38CB969618F}\2616562756E6C696E6B6: DhcpNameServer = 168.95.1.1
FF - ProfilePath - c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q&cr=2102174447&ir=&q=
FF - user.js: extensions.srchvstrn.id - D4C9EF53EB68FBDB
FF - user.js: extensions.srchvstrn.instlDay - 16438
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 8:53
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_coinis_15_01_ie
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_b
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 2102174447
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0AtDyCyCtC0AyCtGtC0ByD0BtG0E0DtB0BtG0E0F0FyDtGyCzyzztDyD0B0C0BtDtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzytA0A0CyEzztDtGyEzyyBtAtGyEyByC0EtG0BtA0EzztGzytCtC0AtCyCyDtBtAtDyC0A2Q
FF - user.js: extensions.srchvstrn.AL - 2
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{066ff30c-e431-4c70-9998-c94b7b431752} - c:\program files (x86)\TicTaCouepon\AA1SHzgYYdKN1L.dll
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
BHO-{066ff30c-e431-4c70-9998-c94b7b431752} - c:\program files (x86)\TicTaCouepon\AA1SHzgYYdKN1L.x64.dll
HKLM-Run-MfeEpePcMonitor - c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-21  01:05:26
ComboFix-quarantined-files.txt  2015-03-21 00:05
.
Vor Suchlauf: 21 Verzeichnis(se), 357.137.231.872 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 356.390.162.432 Bytes frei
.
- - End Of File - - 84C448156A8B0D86F4D70AE9CDA9A124

M-K-D-B 21.03.2015 13:04
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

Tapoka 21.03.2015 20:04
Hallo Matthias, ich hoffe ich habs richtig gemacht:

Code:
# AdwCleaner v4.112 - Bericht erstellt 21/03/2015 um 18:57:48
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Susi - SUSI_LAPTOP
# Gestarted von : C:\Users\Susi\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Update ace race
[#] Dienst Gelöscht : {55318141-dabf-4786-b4b2-f50790587c26}Gw64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\dealpeak
Ordner Gelöscht : C:\ProgramData\ChampionDeals
Ordner Gelöscht : C:\ProgramData\DiscountLeOecator
Ordner Gelöscht : C:\ProgramData\3511ea3e0000251b
Ordner Gelöscht : C:\ProgramData\7ea562880000266e
Ordner Gelöscht : C:\ProgramData\bbf6628ec914cb37
Ordner Gelöscht : C:\ProgramData\d8af5aa600003d9e
Ordner Gelöscht : C:\Program Files (x86)\ace race
Ordner Gelöscht : C:\Users\Susi\AppData\Roaming\Tuneup Pro
Ordner Gelöscht : C:\Users\Susi\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\Kt55@cf7.com
Ordner Gelöscht : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\m4Pi@aZru.net
Ordner Gelöscht : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\Z4@g3HPP.net
Datei Gelöscht : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P065d0754_2287_430e_8968_bdbcbd5cb899_.P065d0754_2287_430e_8968_bdbcbd5cb899_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P065d0754_2287_430e_8968_bdbcbd5cb899_.P065d0754_2287_430e_8968_bdbcbd5cb899_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P066ff30c_e431_4c70_9998_c94b7b431752_.P066ff30c_e431_4c70_9998_c94b7b431752_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P066ff30c_e431_4c70_9998_c94b7b431752_.P066ff30c_e431_4c70_9998_c94b7b431752_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfdcb91a6_c5d2_4fec_8208_25cb012f2deb_.Pfdcb91a6_c5d2_4fec_8208_25cb012f2deb_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfdcb91a6_c5d2_4fec_8208_25cb012f2deb_.Pfdcb91a6_c5d2_4fec_8208_25cb012f2deb_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065d0754-2287-430e-8968-bdbcbd5cb899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{066ff30c-e431-4c70-9998-c94b7b431752}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{fdcb91a6-c5d2-4fec-8208-25cb012f2deb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{066ff30c-e431-4c70-9998-c94b7b431752}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{065d0754-2287-430e-8968-bdbcbd5cb899}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{066ff30c-e431-4c70-9998-c94b7b431752}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fdcb91a6-c5d2-4fec-8208-25cb012f2deb}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{065d0754-2287-430e-8968-bdbcbd5cb899}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{066ff30c-e431-4c70-9998-c94b7b431752}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fdcb91a6-c5d2-4fec-8208-25cb012f2deb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{065d0754-2287-430e-8968-bdbcbd5cb899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{066ff30c-e431-4c70-9998-c94b7b431752}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fdcb91a6-c5d2-4fec-8208-25cb012f2deb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{065d0754-2287-430e-8968-bdbcbd5cb899}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{fdcb91a6-c5d2-4fec-8208-25cb012f2deb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\CoinisRS
Schlüssel Gelöscht : HKCU\Software\Vosteran Browser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tuneup Pro
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v35.0.1 (x86 de)

[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.N5FvW3Hr8ctiy55M.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqHsGrTs4rdCHqTU6qdn7qY\")>-1url.indexOf(\"acebook\")>-1[...]
[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.YH2doL1Xm6QIYCxU.url", "hxxp://jpiserver.info/sync2/?q=hfZ9ofDLDGhEAen0rihTB6lKDzt4okxktNtVh7n0rjkErjsHrdk8qjnHtMFHhd9FqjaFrTkFqjr5rTYMDMlGojUMAe4UojrErdU4pdYGpjs6pdCErdYHqHwMC6q[...]
[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzyt[...]
[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBz[...]
[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[4t8mgvp3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0DyE0Czy0E0FyDtA0E0ByCzz0F0B0D0BtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEt[...]

*************************

AdwCleaner[R0].txt - [8291 Bytes] - [21/03/2015 18:56:18]
AdwCleaner[S0].txt - [7873 Bytes] - [21/03/2015 18:57:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7932  Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.03.2015
Suchlauf-Zeit: 19:08:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.21.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Susi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 417119
Verstrichene Zeit: 11 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, In Quarantäne, [ae7b3c0c236716202282f64c49bc9967]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by Susi on 21.03.2015 at 19:43:41,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Susi\AppData\Roaming\flexnet"



~~~ FireFox

Successfully deleted the following from C:\Users\Susi\AppData\Roaming\mozilla\firefox\profiles\4t8mgvp3.default\prefs.js

user_pref("extensions.CHQ2g0XBF1vY7nbx.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqHsGrTs4rdCHqTU6qdn7qY\")>-1||ur
user_pref("extensions.YH2doL1Xm6QIYCxU.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqHsGrTs4rdCHqTU6qdn7qY\")>-1||ur
Emptied folder: C:\Users\Susi\AppData\Roaming\mozilla\firefox\profiles\4t8mgvp3.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2015 at 19:46:48,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Susi (administrator) on SUSI_LAPTOP on 21-03-2015 19:52:24
Running from C:\Users\Susi\Downloads
Loaded Profiles: Susi (Available profiles: Susi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
() C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-08-29] (Broadcom Corporation)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-08-31] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-10-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-08-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-29] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [183168 2012-04-02] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [Amazon Music] => C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-04] ()
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-02-11] (Nuance Communications Inc.)
FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.)
FF Plugin HKU\S-1-5-21-3640161593-1920862833-3677333132-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Susi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: Evernote Web Clipper - C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-31]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03]
FF HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-12-05] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-08-29] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-10-24] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2014-08-28] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2014-09-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2014-09-02] (Huawei Technologies Co., Ltd.)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2014-09-02] (Huawei Technologies Co., Ltd.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 19:50 - 2015-03-21 19:50 - 00066566 _____ () C:\Users\Susi\Desktop\FRST.txt
2015-03-21 19:46 - 2015-03-21 19:48 - 00001587 _____ () C:\Users\Susi\Desktop\JRT.txt
2015-03-21 19:42 - 2015-03-21 19:43 - 01388672 _____ (Thisisu) C:\Users\Susi\Desktop\JRT.exe
2015-03-21 19:07 - 2015-03-21 19:07 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-21 19:07 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-21 19:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-21 19:04 - 2015-03-21 19:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Susi\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-21 18:56 - 2015-03-21 18:57 - 00000000 ____D () C:\AdwCleaner
2015-03-21 18:50 - 2015-03-21 18:51 - 02171392 _____ () C:\Users\Susi\Desktop\AdwCleaner_4.112.exe
2015-03-21 05:56 - 2015-03-21 05:56 - 00039908 _____ () C:\Users\Susi\Desktop\ComboFix.txt
2015-03-21 01:05 - 2015-03-21 01:05 - 00039908 _____ () C:\ComboFix.txt
2015-03-21 00:35 - 2015-03-21 00:35 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-20 23:38 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-20 23:38 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-20 23:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-20 23:33 - 2015-03-21 01:06 - 00000000 ____D () C:\Qoobox
2015-03-20 23:32 - 2015-03-21 00:13 - 00000000 ____D () C:\windows\erdnt
2015-03-20 23:28 - 2015-03-20 23:31 - 05615380 ____R (Swearware) C:\Users\Susi\Desktop\ComboFix.exe
2015-03-20 20:53 - 2015-03-20 20:53 - 00000545 _____ () C:\Users\Susi\Documents\GMER20_03_15.log
2015-03-20 20:39 - 2015-03-20 20:39 - 00000679 _____ () C:\Users\Susi\Documents\Susi - Verknüpfung.lnk
2015-03-20 20:38 - 2015-03-20 20:38 - 00380416 _____ () C:\Users\Susi\Downloads\Gmer-19357.exe
2015-03-20 20:36 - 2015-03-20 20:37 - 00039288 _____ () C:\Users\Susi\Downloads\Addition.txt
2015-03-20 20:35 - 2015-03-21 19:52 - 00031439 _____ () C:\Users\Susi\Downloads\FRST.txt
2015-03-20 20:35 - 2015-03-21 19:52 - 00000000 ____D () C:\FRST
2015-03-20 20:35 - 2015-03-20 20:35 - 02095616 _____ (Farbar) C:\Users\Susi\Downloads\FRST64.exe
2015-03-20 20:33 - 2015-03-20 20:33 - 00050477 _____ () C:\Users\Susi\Downloads\Defogger.exe
2015-03-20 20:33 - 2015-03-20 20:33 - 00000470 _____ () C:\Users\Susi\Desktop\defogger_disable.log
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 _____ () C:\Users\Susi\defogger_reenable
2015-03-20 19:49 - 2015-03-20 19:49 - 00007605 _____ () C:\Users\Susi\AppData\Local\Resmon.ResmonCfg
2015-03-20 16:40 - 2015-03-21 19:07 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 16:40 - 2015-03-21 19:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 16:40 - 2015-03-20 20:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 16:39 - 2015-03-20 20:28 - 00000000 ____D () C:\Users\Susi\Desktop\mbar
2015-03-20 16:39 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-20 16:38 - 2015-03-20 16:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Susi\Downloads\mbar-1.09.1.1004.exe
2015-03-20 16:11 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-20 16:11 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-20 16:11 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-20 16:11 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-20 16:11 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-20 16:11 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-20 16:11 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-20 16:11 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-20 16:11 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-20 16:11 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-20 16:11 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-20 16:11 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-20 16:11 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-20 16:11 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-20 16:11 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-20 16:11 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-20 16:11 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-20 16:11 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-20 16:11 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-20 16:11 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-20 16:11 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-20 16:11 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-20 16:11 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-20 16:11 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-20 16:11 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-20 16:11 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-20 16:11 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-20 16:11 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-20 16:11 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-20 16:11 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-20 16:11 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-20 16:11 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-20 16:11 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-20 16:11 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-20 16:11 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-20 16:11 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-20 16:11 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-20 16:11 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-20 16:11 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-20 16:11 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-20 16:11 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-20 16:11 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-20 16:11 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-20 16:11 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-20 16:11 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-20 16:11 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-20 16:11 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-20 16:11 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-20 16:11 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-20 16:11 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-20 16:11 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-20 16:11 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-20 16:11 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-20 16:11 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-20 16:11 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-20 16:11 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-20 16:11 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-20 16:11 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-20 16:11 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-20 16:11 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-20 16:11 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-20 16:11 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-20 16:11 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-20 16:11 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-20 16:11 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-20 16:11 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-20 16:10 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-20 16:10 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-20 16:10 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-20 16:10 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-20 16:10 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-20 16:10 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-20 16:10 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-20 16:10 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-20 16:10 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-20 16:10 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-20 16:10 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-20 16:10 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-20 16:10 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-20 16:10 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-20 16:10 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-20 16:10 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-20 16:10 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-20 16:10 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-20 16:10 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-20 16:10 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-20 16:10 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-20 16:10 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-20 16:10 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-20 16:10 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-20 16:08 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-20 16:08 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-20 16:08 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-20 16:08 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-20 16:08 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-20 16:08 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-20 16:08 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-20 16:08 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-20 16:08 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-20 16:08 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-20 16:08 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-20 16:08 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-20 16:08 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-20 16:08 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-20 16:08 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-20 16:08 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-20 16:08 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-20 16:08 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-20 16:07 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-20 16:07 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-20 16:07 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-20 16:07 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-20 16:06 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-20 16:05 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-20 16:05 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 19:52 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-24 22:11 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-24 22:11 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-24 22:00 - 2015-02-24 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-24 21:58 - 2015-02-24 21:58 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-02-24 21:58 - 2015-02-24 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-24 21:58 - 2015-02-24 21:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-21 06:23 - 2015-02-21 06:23 - 00001130 _____ () C:\Users\Susi\Desktop\arriba.lnk
2015-02-21 06:10 - 2015-02-21 06:10 - 00000000 ____D () C:\ProgramData\Sun
2015-02-21 06:10 - 2015-02-21 06:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-21 06:10 - 2015-02-21 06:09 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-21 06:09 - 2015-02-21 06:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-21 06:09 - 2015-02-21 06:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-21 06:00 - 2015-02-21 06:01 - 11353082 _____ (GPZK Gesellschaft für Patientenzentrierte Kommunikation mbH) C:\Users\Susi\Downloads\arriba.exe
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 19:50 - 2014-08-27 16:36 - 00000439 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-03-21 19:50 - 2013-08-03 17:29 - 01463475 _____ () C:\windows\WindowsUpdate.log
2015-03-21 19:42 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 19:42 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 19:40 - 2015-01-03 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-21 19:07 - 2014-05-18 14:45 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-21 19:02 - 2013-08-29 08:16 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C5309636-0E07-4CB6-B1B0-D0A190B7B579}
2015-03-21 19:01 - 2013-09-15 12:17 - 00000000 ___RD () C:\Users\Susi\Dropbox
2015-03-21 19:01 - 2013-09-15 12:15 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Dropbox
2015-03-21 18:59 - 2013-04-14 00:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-21 18:59 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-21 18:59 - 2009-07-14 05:51 - 00117343 _____ () C:\windows\setupact.log
2015-03-21 18:42 - 2010-11-21 04:47 - 00190802 _____ () C:\windows\PFRO.log
2015-03-21 01:05 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-21 00:51 - 2009-07-14 03:34 - 00000245 _____ () C:\windows\system.ini
2015-03-21 00:36 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-21 00:36 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-21 00:35 - 2009-07-14 05:45 - 00426416 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-21 00:33 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-21 00:33 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-21 00:32 - 2013-08-29 14:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-20 20:33 - 2013-08-29 08:12 - 00000000 ____D () C:\Users\Susi
2015-03-20 19:40 - 2015-01-04 11:00 - 00032768 _____ () C:\windows\system32\persistent_q.db-shm
2015-03-20 19:40 - 2015-01-04 11:00 - 00028328 _____ () C:\windows\system32\persistent_q.db-wal
2015-03-20 19:40 - 2015-01-04 11:00 - 00005120 _____ () C:\windows\system32\persistent_q.db
2015-03-20 19:40 - 2013-08-03 18:23 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-03-20 17:38 - 2013-08-31 18:23 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-18 20:05 - 2013-09-07 15:23 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSusi
2015-03-18 20:05 - 2013-09-07 15:23 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForSusi.job
2015-03-18 19:42 - 2013-09-03 09:44 - 00000000 ____D () C:\temp
2015-03-18 19:40 - 2011-07-29 00:51 - 00000000 ____D () C:\swsetup
2015-03-18 19:35 - 2014-07-12 06:43 - 00000573 _____ () C:\Users\Susi\Desktop\Fernwartung starten.lnk
2015-03-18 19:35 - 2013-09-03 09:44 - 00000605 _____ () C:\Users\Susi\Desktop\Indexdateien löschen.lnk
2015-03-18 19:23 - 2013-09-15 12:17 - 00001017 _____ () C:\Users\Susi\Desktop\Dropbox.lnk
2015-03-18 19:23 - 2013-09-15 12:15 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 18:59 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-18 18:55 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-01 08:42 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-26 20:03 - 2013-08-31 18:10 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Apple Computer
2015-02-24 22:10 - 2013-08-31 18:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-24 22:07 - 2013-09-03 08:47 - 00000000 ____D () C:\Daten
2015-02-24 21:21 - 2013-08-29 08:16 - 00000000 ____D () C:\Users\Susi\AppData\Local\PDFC
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-22 18:47 - 2014-02-08 20:05 - 00000000 ____D () C:\Users\Susi\Documents\Diabetes
2015-02-21 06:40 - 2014-03-07 07:45 - 00077312 _____ () C:\Users\Susi\Desktop\1BE-KH_Schätzhilfe.xls

==================== Files in the root of some directories =======

2014-08-20 17:11 - 2014-08-20 18:30 - 0000636 _____ () C:\Users\Susi\AppData\Roaming\CMLS15.tst.txt
2013-11-09 14:10 - 2013-11-16 11:45 - 0001679 _____ () C:\Users\Susi\AppData\Roaming\SAS7_000.DAT
2015-01-03 10:31 - 2015-01-03 10:31 - 0000044 _____ () C:\Users\Susi\AppData\Roaming\WB.CFG
2015-03-20 19:49 - 2015-03-20 19:49 - 0007605 _____ () C:\Users\Susi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Susi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr16krl.dll
C:\Users\Susi\AppData\Local\Temp\Quarantine.exe
C:\Users\Susi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 23:44

==================== End Of Log ============================
--- --- ---


Code:
2012-01-17 15:57 - 2012-01-17 15:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 11:11 - 2013-03-27 11:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 10:03 - 2011-10-12 10:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 21:18 - 2010-09-06 21:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2014-09-02 09:29 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-27 10:28 - 2013-03-27 10:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2014-06-15 17:32 - 2014-06-04 23:18 - 03162944 _____ () C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-09-02 09:29 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2012-02-10 22:26 - 2012-02-10 22:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-08-29 16:40 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-19 18:39 - 2013-08-07 04:16 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-02-19 18:39 - 2013-03-06 04:04 - 01353688 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2014-02-19 18:39 - 2013-08-07 04:16 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-21 19:01 - 2015-03-21 19:01 - 00043008 _____ () c:\users\susi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr16krl.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-06-17 17:10 - 2014-06-17 17:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-06-17 17:10 - 2014-06-17 17:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-02-19 18:39 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-17 08:07 - 2014-10-17 08:07 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d8090ffb538a2803336e702091cd0bdd\IsdiInterop.ni.dll
2013-04-14 00:05 - 2013-08-31 20:31 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-03 17:57 - 2013-10-28 22:40 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\Susi\Desktop\wie sorutzen.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Susi\Desktop\~WRL3030.tmp:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3640161593-1920862833-3677333132-500 - Administrator - Disabled)
Gast (S-1-5-21-3640161593-1920862833-3677333132-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3640161593-1920862833-3677333132-1003 - Limited - Enabled)
Susi (S-1-5-21-3640161593-1920862833-3677333132-1001 - Administrator - Enabled) => C:\Users\Susi

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/21/2015 07:50:54 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0

Error: (03/21/2015 07:50:51 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/21/2015 07:49:29 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0

Error: (03/21/2015 07:49:04 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 56%
Total physical RAM: 3975.55 MB
Available physical RAM: 1739.7 MB
Total Pagefile: 7949.29 MB
Available Pagefile: 4719.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.73 GB) (Free:332.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.74 GB) (Free:3.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50318F85)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
[/QUOTE]

M-K-D-B 22.03.2015 11:46
Servus,


FRST bitte nochmal ausführen, da die Logdateien unvollständig sind:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

Tapoka 22.03.2015 13:36
So, da sind die beiden:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Susi (administrator) on SUSI_LAPTOP on 22-03-2015 13:29:09
Running from C:\Users\Susi\Downloads
Loaded Profiles: Susi (Available profiles: Susi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-08-29] (Broadcom Corporation)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-08-31] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-10-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-08-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-29] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [183168 2012-04-02] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.)
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Run: [Amazon Music] => C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-04] ()
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-02-11] (Nuance Communications Inc.)
FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.)
FF Plugin HKU\S-1-5-21-3640161593-1920862833-3677333132-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Susi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: Evernote Web Clipper - C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\4t8mgvp3.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-31]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03]
FF HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-12-05] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-08-29] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-10-24] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2014-08-28] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2014-09-02] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2014-09-02] (Huawei Technologies Co., Ltd.)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2014-09-02] (Huawei Technologies Co., Ltd.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 20:02 - 2015-03-21 20:02 - 00001373 _____ () C:\Users\Susi\Desktop\mbam.txt
2015-03-21 19:46 - 2015-03-21 19:48 - 00001587 _____ () C:\Users\Susi\Desktop\JRT.txt
2015-03-21 19:42 - 2015-03-21 19:43 - 01388672 _____ (Thisisu) C:\Users\Susi\Desktop\JRT.exe
2015-03-21 19:07 - 2015-03-21 19:07 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-21 19:07 - 2015-03-21 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-21 19:07 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-21 19:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-21 19:04 - 2015-03-21 19:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Susi\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-21 18:56 - 2015-03-21 18:57 - 00000000 ____D () C:\AdwCleaner
2015-03-21 18:50 - 2015-03-21 18:51 - 02171392 _____ () C:\Users\Susi\Desktop\AdwCleaner_4.112.exe
2015-03-21 05:56 - 2015-03-21 05:56 - 00039908 _____ () C:\Users\Susi\Desktop\ComboFix.txt
2015-03-21 01:05 - 2015-03-21 01:05 - 00039908 _____ () C:\ComboFix.txt
2015-03-21 00:35 - 2015-03-21 00:35 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-20 23:38 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-20 23:38 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-20 23:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-20 23:38 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-20 23:33 - 2015-03-21 01:06 - 00000000 ____D () C:\Qoobox
2015-03-20 23:32 - 2015-03-21 00:13 - 00000000 ____D () C:\windows\erdnt
2015-03-20 23:28 - 2015-03-20 23:31 - 05615380 ____R (Swearware) C:\Users\Susi\Desktop\ComboFix.exe
2015-03-20 20:53 - 2015-03-20 20:53 - 00000545 _____ () C:\Users\Susi\Documents\GMER20_03_15.log
2015-03-20 20:39 - 2015-03-20 20:39 - 00000679 _____ () C:\Users\Susi\Documents\Susi - Verknüpfung.lnk
2015-03-20 20:38 - 2015-03-20 20:38 - 00380416 _____ () C:\Users\Susi\Downloads\Gmer-19357.exe
2015-03-20 20:36 - 2015-03-21 19:53 - 00009140 _____ () C:\Users\Susi\Downloads\Addition.txt
2015-03-20 20:35 - 2015-03-22 13:29 - 00031549 _____ () C:\Users\Susi\Downloads\FRST.txt
2015-03-20 20:35 - 2015-03-22 13:29 - 00000000 ____D () C:\FRST
2015-03-20 20:35 - 2015-03-20 20:35 - 02095616 _____ (Farbar) C:\Users\Susi\Downloads\FRST64.exe
2015-03-20 20:33 - 2015-03-20 20:33 - 00050477 _____ () C:\Users\Susi\Downloads\Defogger.exe
2015-03-20 20:33 - 2015-03-20 20:33 - 00000470 _____ () C:\Users\Susi\Desktop\defogger_disable.log
2015-03-20 20:33 - 2015-03-20 20:33 - 00000000 _____ () C:\Users\Susi\defogger_reenable
2015-03-20 19:49 - 2015-03-20 19:49 - 00007605 _____ () C:\Users\Susi\AppData\Local\Resmon.ResmonCfg
2015-03-20 16:40 - 2015-03-22 13:28 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 16:40 - 2015-03-21 19:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 16:40 - 2015-03-20 20:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 16:39 - 2015-03-20 20:28 - 00000000 ____D () C:\Users\Susi\Desktop\mbar
2015-03-20 16:39 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-20 16:38 - 2015-03-20 16:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Susi\Downloads\mbar-1.09.1.1004.exe
2015-03-20 16:11 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-20 16:11 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-20 16:11 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-20 16:11 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-20 16:11 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-20 16:11 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-20 16:11 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-20 16:11 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-20 16:11 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-20 16:11 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-20 16:11 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-20 16:11 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-20 16:11 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-20 16:11 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-20 16:11 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-20 16:11 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-20 16:11 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-20 16:11 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-20 16:11 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-20 16:11 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-20 16:11 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-20 16:11 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-20 16:11 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-20 16:11 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-20 16:11 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-20 16:11 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-20 16:11 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-20 16:11 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-20 16:11 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-20 16:11 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-20 16:11 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-20 16:11 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-20 16:11 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-20 16:11 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-20 16:11 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-20 16:11 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-20 16:11 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-20 16:11 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-20 16:11 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-20 16:11 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-20 16:11 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-20 16:11 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-20 16:11 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-20 16:11 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-20 16:11 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-20 16:11 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-20 16:11 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-20 16:11 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-20 16:11 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-20 16:11 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-20 16:11 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-20 16:11 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-20 16:11 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-20 16:11 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-20 16:11 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-20 16:11 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-20 16:11 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-20 16:11 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-20 16:11 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-20 16:11 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-20 16:11 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-20 16:11 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-20 16:11 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-20 16:11 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-20 16:11 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-20 16:11 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-20 16:10 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-20 16:10 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-20 16:10 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-20 16:10 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-20 16:10 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-20 16:10 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-20 16:10 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-20 16:10 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-20 16:10 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-20 16:10 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-20 16:10 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-20 16:10 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-20 16:10 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-20 16:10 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-20 16:10 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-20 16:10 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-20 16:10 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-20 16:10 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-20 16:10 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-20 16:10 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-20 16:10 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-20 16:10 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-20 16:10 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-20 16:10 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-20 16:10 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-20 16:10 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-20 16:10 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-20 16:10 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-20 16:08 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-20 16:08 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-20 16:08 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-20 16:08 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-20 16:08 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-20 16:08 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-20 16:08 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-20 16:08 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-20 16:08 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-20 16:08 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-20 16:08 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-20 16:08 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-20 16:08 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-20 16:08 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-20 16:08 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-20 16:08 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-20 16:08 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-20 16:08 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-20 16:08 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-20 16:08 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-20 16:07 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-20 16:07 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-20 16:07 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-20 16:07 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-20 16:06 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-20 16:05 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-20 16:05 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 19:52 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 19:52 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-24 22:11 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-24 22:11 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 22:10 - 2015-02-24 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-24 22:00 - 2015-02-24 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-24 21:58 - 2015-02-24 21:58 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-02-24 21:58 - 2015-02-24 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-24 21:58 - 2015-02-24 21:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-21 06:23 - 2015-02-21 06:23 - 00001130 _____ () C:\Users\Susi\Desktop\arriba.lnk
2015-02-21 06:10 - 2015-02-21 06:10 - 00000000 ____D () C:\ProgramData\Sun
2015-02-21 06:10 - 2015-02-21 06:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-21 06:10 - 2015-02-21 06:09 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-21 06:09 - 2015-02-21 06:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-21 06:09 - 2015-02-21 06:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-21 06:00 - 2015-02-21 06:01 - 11353082 _____ (GPZK Gesellschaft für Patientenzentrierte Kommunikation mbH) C:\Users\Susi\Downloads\arriba.exe
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-20 20:31 - 2015-02-20 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:29 - 2013-08-29 08:16 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C5309636-0E07-4CB6-B1B0-D0A190B7B579}
2015-03-22 13:28 - 2014-08-27 16:36 - 00000439 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-03-22 13:28 - 2014-05-18 14:45 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 13:28 - 2013-09-15 12:17 - 00000000 ___RD () C:\Users\Susi\Dropbox
2015-03-22 13:28 - 2013-09-15 12:15 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Dropbox
2015-03-22 13:28 - 2013-08-03 17:29 - 01495261 _____ () C:\windows\WindowsUpdate.log
2015-03-22 09:39 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 09:39 - 2009-07-14 05:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 09:33 - 2015-01-03 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-22 09:32 - 2013-04-14 00:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-22 09:31 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-22 09:31 - 2009-07-14 05:51 - 00117455 _____ () C:\windows\setupact.log
2015-03-21 21:02 - 2010-11-21 04:47 - 00191174 _____ () C:\windows\PFRO.log
2015-03-21 01:05 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-21 00:51 - 2009-07-14 03:34 - 00000245 _____ () C:\windows\system.ini
2015-03-21 00:36 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-21 00:36 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-21 00:35 - 2009-07-14 05:45 - 00426416 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-21 00:33 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-21 00:33 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-21 00:32 - 2013-08-29 14:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-20 20:33 - 2013-08-29 08:12 - 00000000 ____D () C:\Users\Susi
2015-03-20 19:40 - 2015-01-04 11:00 - 00032768 _____ () C:\windows\system32\persistent_q.db-shm
2015-03-20 19:40 - 2015-01-04 11:00 - 00028328 _____ () C:\windows\system32\persistent_q.db-wal
2015-03-20 19:40 - 2015-01-04 11:00 - 00005120 _____ () C:\windows\system32\persistent_q.db
2015-03-20 19:40 - 2013-08-03 18:23 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-03-20 17:38 - 2013-08-31 18:23 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-18 20:05 - 2013-09-07 15:23 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSusi
2015-03-18 20:05 - 2013-09-07 15:23 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForSusi.job
2015-03-18 19:42 - 2013-09-03 09:44 - 00000000 ____D () C:\temp
2015-03-18 19:40 - 2011-07-29 00:51 - 00000000 ____D () C:\swsetup
2015-03-18 19:35 - 2014-07-12 06:43 - 00000573 _____ () C:\Users\Susi\Desktop\Fernwartung starten.lnk
2015-03-18 19:35 - 2013-09-03 09:44 - 00000605 _____ () C:\Users\Susi\Desktop\Indexdateien löschen.lnk
2015-03-18 19:23 - 2013-09-15 12:17 - 00001017 _____ () C:\Users\Susi\Desktop\Dropbox.lnk
2015-03-18 19:23 - 2013-09-15 12:15 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-18 18:59 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-18 18:55 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-01 08:42 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-26 20:03 - 2013-08-31 18:10 - 00000000 ____D () C:\Users\Susi\AppData\Roaming\Apple Computer
2015-02-24 22:10 - 2013-08-31 18:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-24 22:07 - 2013-09-03 08:47 - 00000000 ____D () C:\Daten
2015-02-24 21:21 - 2013-08-29 08:16 - 00000000 ____D () C:\Users\Susi\AppData\Local\PDFC
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-22 18:47 - 2014-02-08 20:05 - 00000000 ____D () C:\Users\Susi\Documents\Diabetes
2015-02-21 06:40 - 2014-03-07 07:45 - 00077312 _____ () C:\Users\Susi\Desktop\1BE-KH_Schätzhilfe.xls

==================== Files in the root of some directories =======

2014-08-20 17:11 - 2014-08-20 18:30 - 0000636 _____ () C:\Users\Susi\AppData\Roaming\CMLS15.tst.txt
2013-11-09 14:10 - 2013-11-16 11:45 - 0001679 _____ () C:\Users\Susi\AppData\Roaming\SAS7_000.DAT
2015-01-03 10:31 - 2015-01-03 10:31 - 0000044 _____ () C:\Users\Susi\AppData\Roaming\WB.CFG
2015-03-20 19:49 - 2015-03-20 19:49 - 0007605 _____ () C:\Users\Susi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Susi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyb2kkg.dll
C:\Users\Susi\AppData\Local\Temp\Quarantine.exe
C:\Users\Susi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 23:44

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Susi at 2015-03-22 13:30:01
Running from C:\Users\Susi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Music (HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Benutzerhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Useg) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version:  - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CodeTwo Sync for iCloud (HKLM-x32\...\{0D8DF5B9-96A7-47B3-9D9C-49F044DB603C}) (Version: 1.3.2.2 - CodeTwo)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Embedded Security for HP ProtectTools (HKLM\...\{43BE25B8-E69F-42CF-9414-7DDCF891629B}) (Version: 7.0.000.2882 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C65D5947-5FAF-499E-859F-75C3852D84B0}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP GPS and Location (HKLM-x32\...\{23A7D0B7-51CF-4986-8248-2ACE6629A00C}) (Version: 1.2.9.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 7.2.8.1 - Ericsson AB)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
mylife DIABASS (HKLM-x32\...\mylife DIABASS) (Version: 0 (Build 12.6.0.1) - mediaspects GmbH)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDF24 Creator 6.9.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scrivener (HKLM-x32\...\Scrivener 1720) (Version: 1720 - Literature and Latte)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
SiDiary 6 (HKLM-x32\...\{73C96D3B-F9D2-4A0C-81F7-FBED6C75CE77}) (Version: 6.0 - SINOVO Ltd. & Co. KG)
Silhouette Studio (HKLM-x32\...\{6FC20A5B-2B6A-4867-B1CF-F5201DC4D935}) (Version: 2.7.18 - Aspex Research & Technology)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.1.02 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company) Hidden
Unity Web Player (HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-02-2015 09:08:35 Windows Update
24-02-2015 20:39:12 Windows Update
24-02-2015 22:10:52 Windows Update
01-03-2015 08:25:51 Windows Update
04-03-2015 17:00:17 Windows Update
07-03-2015 10:58:54 Revo Uninstaller's restore point - TicTaCouepon
07-03-2015 11:02:03 Revo Uninstaller's restore point - IncrementMonitor
07-03-2015 11:50:47 Revo Uninstaller's restore point - CopyTrans Control Center deinstallieren
18-03-2015 19:30:56 HPSF Applying updates
20-03-2015 15:56:53 Windows Update
20-03-2015 16:05:33 Revo Uninstaller's restore point - Silhouette Studio
20-03-2015 19:38:00 Malwarebytes Anti-Rootkit Restore Point
21-03-2015 00:26:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-20 23:55 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {29CE849C-595F-4284-94FD-EC44B806321C} - System32\Tasks\{D276A26F-B643-41D6-994E-DB94B3502D18} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {33083DD4-6FC6-4538-AEBC-7756B83496AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {37F7AF05-76AB-4C14-9989-153B229246E9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3FA36A2A-B3E8-4D68-AA6F-2C1F2ABAA3DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43866705-97B9-44D8-BF97-D75210AB1E7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4C56A4E5-0442-454E-BA64-A83AA9ACBC8B} - System32\Tasks\{246FE5D8-529F-40CE-A7EC-74BFC338B0D4} => pcalua.exe -a C:\Users\Susi\APPDATA\LOCAL\TEMP\wzdd73\CopyTransDriversInstaller.exe -d C:\Users\Susi\Downloads
Task: {98386ED5-8D7D-4CB5-9359-3F43E5317EC9} - System32\Tasks\{B45715CC-1EBE-4F03-83CB-1A19020900A1} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {9F2496F2-C382-4B88-BD18-46FCE4F7D5D4} - System32\Tasks\{6AC74502-C1F1-42DB-9A0C-DCDC7D5B7BE8} => pcalua.exe -a D:\.\Setup.exe -d D:\ -c AUTORUN=1
Task: {AF728C8C-90FB-4777-83F1-20B32651DC18} - System32\Tasks\{5A4526D0-BFBE-43B2-8DA7-C4E9B5C6CBC6} => pcalua.exe -a C:\Users\Susi\APPDATA\LOCAL\TEMP\wzc226\CopyTransDriversInstaller.exe -d C:\Users\Susi\Downloads
Task: {B0B73BA8-C582-4BB3-8865-0AF71955BEB5} - System32\Tasks\{8CCF74E3-7A81-4B2C-830E-BEB2A58C4EA1} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {B38296E9-7C4F-4983-9AAF-4B573B634BA3} - System32\Tasks\{F616B885-2DA5-4955-9435-58F6194AFF6D} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {B489FBE9-56E8-4916-AAA6-E557E0966E50} - System32\Tasks\{DD31270D-B119-4FDB-94DC-9E8E382CFBCA} => C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe [2011-09-13] ()
Task: {BD35759C-4C92-4A48-9933-E84E99E7D0CB} - System32\Tasks\Amazon Music Helper => C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-06-04] ()
Task: {DF0B53D9-2679-4DC3-AA5F-0DB16BC06A60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F0FA7554-E67A-48B6-930D-7BCA293EE9AB} - System32\Tasks\HPCeeScheduleForSusi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForSusi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-17 15:57 - 2012-01-17 15:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 11:11 - 2013-03-27 11:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 10:03 - 2011-10-12 10:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 21:18 - 2010-09-06 21:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2014-09-02 09:29 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-27 10:28 - 2013-03-27 10:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2014-06-15 17:32 - 2014-06-04 23:18 - 03162944 _____ () C:\Users\Susi\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-09-02 09:29 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2012-02-10 22:26 - 2012-02-10 22:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2014-08-29 16:40 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-19 18:39 - 2013-08-07 04:16 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-02-19 18:39 - 2013-03-06 04:04 - 01353688 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2014-02-19 18:39 - 2013-08-07 04:16 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-22 09:32 - 2015-03-22 09:32 - 00043008 _____ () c:\users\susi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyb2kkg.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Susi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-06-17 17:10 - 2014-06-17 17:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-06-17 17:10 - 2014-06-17 17:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-02-19 18:39 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-17 08:07 - 2014-10-17 08:07 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d8090ffb538a2803336e702091cd0bdd\IsdiInterop.ni.dll
2013-04-14 00:05 - 2013-08-31 20:31 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-03 17:57 - 2013-10-28 22:40 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-19 07:00 - 2014-03-19 07:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\Susi\Desktop\wie sorutzen.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Susi\Desktop\~WRL3030.tmp:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3640161593-1920862833-3677333132-500 - Administrator - Disabled)
Gast (S-1-5-21-3640161593-1920862833-3677333132-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3640161593-1920862833-3677333132-1003 - Limited - Enabled)
Susi (S-1-5-21-3640161593-1920862833-3677333132-1001 - Administrator - Enabled) => C:\Users\Susi

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 09:32:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2015 09:04:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2015 08:50:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15693

Error: (03/21/2015 08:50:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15693

Error: (03/21/2015 08:45:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/21/2015 08:04:43 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT-AUTORITÄT)
Description: Produkt: Dragon NaturallySpeaking 12 -- Fehler 1706. Für das Produkt Dragon NaturallySpeaking 12 wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "Dragon NaturallySpeaking 12.msi".

Error: (03/21/2015 08:04:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT-AUTORITÄT)
Description: Produkt: Dragon NaturallySpeaking 12 -- Fehler 1706. Für das Produkt Dragon NaturallySpeaking 12 wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "Dragon NaturallySpeaking 12.msi".


System errors:
=============
Error: (03/22/2015 01:28:40 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0

Error: (03/22/2015 01:28:40 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/22/2015 09:32:50 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 169.254.240.243192.168.137.0255.255.255.0

Error: (03/22/2015 09:32:50 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/22/2015 09:32:36 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/22/2015 09:32:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/21/2015 09:04:40 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.206192.168.137.0255.255.255.0

Error: (03/21/2015 09:04:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/21/2015 09:03:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/21/2015 09:01:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FC38B03D-0921-4C97-B736-7CFE5DDA1E5C}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 60%
Total physical RAM: 3975.55 MB
Available physical RAM: 1567.17 MB
Total Pagefile: 7949.29 MB
Available Pagefile: 4962.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.73 GB) (Free:331.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.74 GB) (Free:3.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50318F85)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

M-K-D-B 22.03.2015 13:41
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.





Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.









Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Tapoka 22.03.2015 22:25
Ihr antwortet ja sogar am Sonntag!
Danke!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Susi at 2015-03-22 18:25:31 Run:1
Running from C:\Users\Susi\Downloads
Loaded Profiles: Susi (Available profiles: Susi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3640161593-1920862833-3677333132-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
EmptyTemp:
end
   
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\S-1-5-21-3640161593-1920862833-3677333132-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
"HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 365.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:27:02 ====
Code:

       
Code:

       
HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : SUSI_LAPTOP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Susi_Laptop\Susi
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-03-22 18:35:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 39s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 11

   Objects scanned . . . : 2.077.188
   Files scanned . . . . : 35.463
   Remnants scanned  . . : 400.946 files / 1.640.779 keys

Suspicious files ____________________________________________________________

   C:\Users\Susi\Downloads\FRST64.exe -> Deleted
      Size . . . . . . . : 2.095.616 bytes
      Age  . . . . . . . : 1.9 days (2015-03-20 20:35:27)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Susi\Downloads\FRST64.exe
          0.0s C:\Users\Susi\Downloads\FRST64.exe

   C:\windows\PEV.exe -> Deleted
      Size . . . . . . . : 256.000 bytes
      Age  . . . . . . . : 1.8 days (2015-03-20 23:38:21)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -3.3s C:\Qoobox\BackEnv\
         -3.2s C:\Qoobox\Quarantine\catchme.log
         -3.2s C:\Qoobox\Quarantine\catchme.log
         -3.2s C:\Qoobox\Quarantine\catchme.log
         -3.2s C:\Qoobox\Quarantine\catchme.log
         -3.2s C:\Qoobox\Quarantine\catchme.log
          0.0s C:\Windows\SWXCACLS.exe
          0.0s C:\Windows\SWXCACLS.exe
          0.0s C:\Windows\SWXCACLS.exe
          0.0s C:\Windows\SWXCACLS.exe
          0.0s C:\Windows\SWSC.exe
          0.0s C:\Windows\sed.exe
          0.0s C:\Windows\grep.exe
          0.0s C:\Windows\zip.exe
          0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe
          0.0s C:\Windows\MBR.exe

   C:\windows\SysWOW64\DPProCsp.dll -> Deleted
      Size . . . . . . . : 142.672 bytes
      Age  . . . . . . . : 509.8 days (2013-10-28 22:30:52)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 4216453738D7CF1285731B28298313B74958CDEC6059AD954DE063C531B3F8FA
      Product  . . . . . : HP ProtectTools Security Manager
      Publisher  . . . . : DigitalPersona, Inc.
      Description  . . . : DigitalPersona One Touch CSP
      Version  . . . . . : 5.1.0.403
      Copyright  . . . . : Copyright © DigitalPersona, Inc. 1996-2010
      RSA Key Size . . . : 1024
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}\ (UniDeals) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}\ (UniDeals) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}\ (UniDeals) -> Deleted
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
   HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> PendingDelete
   HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals) -> PendingDelete

Cookies _____________________________________________________________________

   C:\Users\Susi\AppData\Roaming\Microsoft\Windows\Cookies\J1H7T5SS.txt


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=811ee9d75ba58a44ac0729660739e626
# engine=23025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-22 07:40:11
# local_time=2015-03-22 08:40:11 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1298 16777213 100 100 11413 54624841 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 11588 178683061 0 0
# scanned=257112
# found=5
# cleaned=0
# scan_time=6298
sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe"
sh=06273DB259F0E22DD90734B9F8B9D27DE1C14830 ft=1 fh=ed5765fa04e0e51c vn="Win32/InstalleRex.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b\a9c03df04903920755bf47ef9b2c735c65f5e050"
sh=06273DB259F0E22DD90734B9F8B9D27DE1C14830 ft=1 fh=ed5765fa04e0e51c vn="Win32/InstalleRex.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b-20141227-181405\a9c03df04903920755bf47ef9b2c735c65f5e050"
sh=E55DA6BAC6CA0E85E13D3FC2805B1C49D8045DD0 ft=1 fh=a341758a219db876 vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Susi\Downloads\tall_290805215069954857.exe"
sh=ED5C7FA74CB6DCD8F9AFEACDF9A3B8E5B395C832 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\130285.msi"
Code:
Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Total Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Mozilla Firefox 35.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Kaspersky Lab Kaspersky Total Security 15.0.1 avp.exe 
 Kaspersky Lab Kaspersky Total Security 15.0.1 avpui.exe 
 Kaspersky Lab Kaspersky Total Security 15.0.1 x64 wmi64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 23.03.2015 15:06
Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
C:\swsetup\WinZBas\Setup.exe
C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b\a9c03df04903920755bf47ef9b2c735c65f5e050
C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b-20141227-181405\a9c03df04903920755bf47ef9b2c735c65f5e050
C:\Users\Susi\Downloads\tall_290805215069954857.exe
C:\Windows\Installer\130285.msi
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!









Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Tapoka 23.03.2015 21:03
D a n k e ! ! !
 
Hallo MAtthias

ganz großes herzliches Danke aus Wien - hat alles super funktioniert und Ihr erklärt das so gut, dass sogar ich das alles hingekriegt hab.:huepp:

Zitat:
Zitat von M-K-D-B (Beitrag 1445610)
Reste entfernen
Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
na klar, mach ich gleich!

Susanne

HIer noch das letzte Log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Susi at 2015-03-23 20:42:45 Run:2
Running from C:\Users\Susi\Desktop
Loaded Profiles: Susi (Available profiles: Susi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\swsetup\WinZBas\Setup.exe
C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b\a9c03df04903920755bf47ef9b2c735c65f5e050
C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b-20141227-181405\a9c03df04903920755bf47ef9b2c735c65f5e050
C:\Users\Susi\Downloads\tall_290805215069954857.exe
C:\Windows\Installer\130285.msi
EmptyTemp:
end
*****************

Processes closed successfully.
C:\swsetup\WinZBas\Setup.exe => Moved successfully.
C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b\a9c03df04903920755bf47ef9b2c735c65f5e050 => Moved successfully.
C:\Users\Susi\AppData\Roaming\Apple Computer\MobileSync\Backup\e4e18e5c6df7719a70d24d059b87f8811000643b-20141227-181405\a9c03df04903920755bf47ef9b2c735c65f5e050 => Moved successfully.
C:\Users\Susi\Downloads\tall_290805215069954857.exe => Moved successfully.
C:\Windows\Installer\130285.msi => Moved successfully.
EmptyTemp: => Removed 55 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:42:57 ====

M-K-D-B 23.03.2015 23:03
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19