Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.06.2015
Suchlauf-Zeit: 18:38:43
Logdatei: Malware.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.09.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Louisa
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 467080
Verstrichene Zeit: 24 Min, 41 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 2
PUP.Optional.Ask.A, HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59EF53E4-5719-4F8C-A7D7-29FC4D0E8245}, , [32761f99a9e1c3735ce9e4a30005d62a],
PUP.Optional.ICQ.A, HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}, , [6c3ca6125832aa8cd85950316b9acd33],
Registrierungswerte: 3
PUP.Optional.Ask.A, HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{59EF53E4-5719-4F8C-A7D7-29FC4D0E8245}|URL, hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=60D7AED4-98D4-4619-9A20-E8F386ADE084&apn_sauid=7114B921-E439-414B-B4C5-4D6858EE81DA, , [32761f99a9e1c3735ce9e4a30005d62a]
PUP.Optional.ICQ.A, HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|URL, hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd, , [6c3ca6125832aa8cd85950316b9acd33]
PUP.Optional.ICQ.A, HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|FaviconURL, hxxp://c.icq.com/favicon.ico, , [2286ad0bafdb63d39c9592ef3fc6fa06]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 5
PUP.Optional.InstallCore.A, C:\Users\Louisa\AppData\Local\Temp\ICReinstall_13077574224658429547.exe, , [b5f3c3f5deacd6609baace987a881de3],
PUP.Optional.InstallCore.A, C:\Users\Louisa\AppData\Local\Temp\13077574224658429547.exe, , [04a4b8004d3de056f253006645bd8c74],
PUP.Optional.MyStartSearch.A, C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, , [00a8bafe9febd561a10cf7045ca7d42c],
PUP.Optional.MyStartSearch.A, C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, , [6b3d892ffb8fa492fdb06f8c1ae96898],
PUP.Optional.HttpBreaker, C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: ("session":{"restore_on_startup":5}}), Schlecht: ("session":{"restore_on_startup":4,"startup_urls":["hxxp://www.mystartsearch.com/?type=hppp&ts=1423745148&from=smt&uid=WDCXWD5000BPVT-80HXZT1_WD-WX21A11T4587T4587"]},"sync":{"remaining_rollback_tries":0}}), ,[248430885634a78f2d71ceaf17effb05]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)

GMER Log:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-09 17:46:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: sytkgtuo.exe; Driver: C:\Users\Louisa\AppData\Local\Temp\uwroiaow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035f8000 85 bytes [D6, 48, 8B, CB, E8, 87, A8, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 614 fffff800035f8056 15 bytes [4C, 89, 2D, CB, 7E, 15, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Norman\npm\bin\nfservice.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files\Norman\npm\bin\nfservice.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files\Norman\Ngs\Bin\Nprosec.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files\Norman\Ngs\Bin\Nprosec.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files\Norman\Npm\Bin\nwscmon.exe[992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files\Norman\Npm\Bin\nwscmon.exe[992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files\Norman\Npm\Bin\Njeeves2.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files\Norman\Npm\Bin\Njeeves2.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files\Norman\Npm\Bin\zlh.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files\Norman\Npm\Bin\zlh.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[1292] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000751e8791 5 bytes JMP 0000000164407f8e
.text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[1292] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000755a6143 5 bytes JMP 000000016494ca31
.text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[1292] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075dd3e59 5 bytes JMP 000000016443aba8
.text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[1292] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075dd3eae 5 bytes JMP 000000016444b17a
.text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[1292] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075dd4731 5 bytes JMP 000000016444aa6c
.text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[1292] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075dd5dee 5 bytes JMP 000000016446dc0e
---- EOF - GMER 2.1 ----

Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Louisa at 2015-06-09 17:24:20
Running from C:\Users\Louisa\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1308098430-1506930464-3000473889-500 - Administrator - Disabled)
Gast (S-1-5-21-1308098430-1506930464-3000473889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1308098430-1506930464-3000473889-1003 - Limited - Enabled)
Louisa (S-1-5-21-1308098430-1506930464-3000473889-1001 - Administrator - Enabled) => C:\Users\Louisa
UpdatusUser (S-1-5-21-1308098430-1506930464-3000473889-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norman Endpoint Protection Anti-Virus (Disabled - Out of date) {F86A2F90-6CAD-D491-E1E0-29799D9EE21F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norman Endpoint Protection Anti-Spyware (Disabled - Out of date) {430BCE74-4A97-DB1F-DB50-120BE619A8A2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Ask Toolbar Updater (HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ATTENTION
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP180 Benutzerregistrierung (HKLM-x32\...\Canon MP180 Benutzerregistrierung) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{7FC762C0-6D5B-4BEF-A2A8-24E5FC248517}) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05182 - Cisco Systems, Inc.) Hidden
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.8013 - Skype Technologies S.A.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DealPly (HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\DealPly) (Version: - )
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.8 - ASUS)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Apps Migration For Microsoft Outlook® 3.4.27.52 (HKLM-x32\...\{65960C6E-BFA2-4FE7-A1BC-8028F3072566}) (Version: 3.4.27.52 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM-x32\...\{799A7E2B-388F-4BDE-B55B-47AF42C6440A}) (Version: 3.7.410.1100 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norman Endpoint Protection (HKLM\...\{86FEEF96-13D5-464B-A1DE-BE717D31182C}) (Version: 9.00.0000 - Norman ASA)
NVIDIA Graphics Driver 266.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.43 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
Spotify (HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spotify (HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Update for Zip Opener (HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\DSite) (Version: - ) <==== ATTENTION
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.55133.208 - Sonix)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
webcam 7 (HKLM-x32\...\webcam 7) (Version: 1.3.5.0 - Moonware Studios)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Zip Opener Packages (HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Zip Opener Packages) (Version: - ) <==== ATTENTION
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Louisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
31-05-2015 19:00:11 Windows-Sicherung
07-06-2015 20:10:50 Windows-Sicherung
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C9FA6B7-635E-408B-9D6B-AF4ED6249414} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {17AD5418-061F-49E6-84A2-D03CC3007469} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1308098430-1506930464-3000473889-1001Core => C:\Users\Louisa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {269D0DC1-0640-437F-99A9-AD11C5A4EB1A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-29] (Microsoft Corporation)
Task: {48F0EA13-FFDA-406B-9234-57DDD8B434BC} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {53CE3203-CFB9-4962-8BF2-AE97A01E2DE9} - System32\Tasks\{8D2AF14D-65D3-4547-B4BA-428C01EF01AB} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP180\UNINST.EXE"
Task: {6C91F40B-25A5-4AE6-A64B-F48A2A06C861} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {72777F55-C823-412A-984B-9E9015E493F9} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {88ECBE55-CD91-4EE3-9B8E-F2D7F9FC8421} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1308098430-1506930464-3000473889-1001UA => C:\Users\Louisa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {9074F0A8-954C-4B35-B4E9-3C092A45CCD6} - System32\Tasks\{A8B97A18-86D2-4C79-BC94-5AE0CF7B96BA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {B49D7F3D-0864-455C-8AE0-2993FF0FFAE0} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {D3ED6992-8C30-4163-B499-180ACAC454EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {D44A7C1B-ED52-4EB8-99E3-E97A321EBBF1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {D9676A97-5023-4569-A485-6C20945E7A66} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {E836D1CD-22F7-4780-972E-9ABEF1E4FB81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1308098430-1506930464-3000473889-1001Core.job => C:\Users\Louisa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1308098430-1506930464-3000473889-1001UA.job => C:\Users\Louisa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2010-04-03 05:21 - 2008-10-01 09:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 02:11 - 2010-07-15 02:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-11-28 14:34 - 2010-11-28 14:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-22 02:03 - 2014-11-22 02:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-28 19:30 - 2014-11-26 16:36 - 00179080 _____ () C:\Program Files\Norman\Npm\Bin\Njeeves2.exe
2010-09-24 02:53 - 2010-09-24 02:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-03-07 07:50 - 2011-03-07 07:50 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-03-07 07:50 - 2011-03-07 07:50 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2015-06-09 17:18 - 2015-06-09 17:18 - 00050477 _____ () C:\Users\Louisa\Downloads\Defogger.exe
2014-08-15 20:25 - 2014-08-15 20:25 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 15:33 - 2011-08-31 15:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2013-10-17 01:26 - 2013-07-02 11:05 - 00218208 _____ () C:\Program Files\Norman\Npm\Bin\lua.dll
2011-03-07 08:05 - 2010-12-27 15:41 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-09-12 11:43 - 2014-09-12 11:43 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2010-07-01 12:21 - 2010-07-01 12:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-25 20:04 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 20:04 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-03-24 13:40 - 2015-05-30 10:00 - 41287224 _____ () C:\Users\Louisa\AppData\Roaming\Spotify\libcef.dll
2015-03-24 13:40 - 2015-05-30 10:00 - 01488440 _____ () C:\Users\Louisa\AppData\Roaming\Spotify\libglesv2.dll
2015-03-24 13:40 - 2015-05-30 10:00 - 00079928 _____ () C:\Users\Louisa\AppData\Roaming\Spotify\libegl.dll
2015-03-24 13:40 - 2015-03-24 13:40 - 09305656 _____ () C:\Users\Louisa\AppData\Roaming\Spotify\pdf.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\uni-kl.de -> hxxps://vpn.uni-kl.de
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Louisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Louisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EA Core => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
MSCONFIG\startupreg: Facebook Update => "C:\Users\Louisa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\Louisa\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Louisa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{568B1360-8125-4F97-854A-A222D509BA2D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8031DC1B-EE2E-4AE5-A244-7296794B9648}] => (Allow) LPort=2869
FirewallRules: [{C8CAF5AE-EBC0-4920-94AC-FC48FD056F8A}] => (Allow) LPort=1900
FirewallRules: [{36735A44-7752-4816-9911-7A73D8B0E631}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C3C9B7C1-12D0-4B11-85B9-C608A020F645}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6148D936-936B-4B62-A802-A21785B7DA6D}] => (Allow) LPort=5353
FirewallRules: [{844EC7CD-3533-420E-9D3B-C241FC06181C}] => (Allow) LPort=8182
FirewallRules: [{FB523AAE-8E97-4993-9E3B-6A063B0539C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{520BF5FB-87FD-4E54-9FD6-D2685E3C0F6D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{EE6C9E31-5BB1-4B53-833C-7A1375C149D6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D9FC1BBA-B255-4405-B57A-0AFDF50C1C12}] => (Allow) C:\Users\Louisa\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{672602BE-F496-461E-B74C-F9A1ED1185E4}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{90A8BD27-3106-4513-AECB-DEFF939F8E1B}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [{22CAA372-D24E-4AA7-9E9C-E3DD619A8C9F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{CDED1C97-2261-4A39-B580-5383A5CCE05F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCD778C4-AE37-4D69-97B7-B3B6EACD62C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{469BBA65-3945-4AB2-8C86-7EEE55687019}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7747C0E-41BB-4600-9F5D-ADD98C4C53CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B9C1BF3B-4C0E-4ADE-852E-2B24845C4277}] => (Allow) C:\Program Files\Norman\Npm\Bin\Njeeves.exe
FirewallRules: [{3C3612B6-5F84-4442-9545-9298A1706AC2}] => (Allow) C:\Program Files\Norman\Npm\Bin\Njeeves.exe
FirewallRules: [{E3BA15A7-8199-4AAE-8D14-957064371D18}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{93309ED7-4097-48B6-828B-E348BD60673C}] => (Allow) C:\Users\Louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D2DB54F9-D9A6-49CB-96CE-B136CD8038EC}] => (Allow) C:\Users\Louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{BA6088B7-94A6-4534-96F2-5167784E6102}C:\users\louisa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\louisa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6C09BDC9-A237-4393-A3BD-4155FDECF6C6}C:\users\louisa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\louisa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{17195C0C-520D-46C0-AFEC-894375B3BD37}C:\users\louisa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\louisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C8F5C0E3-141F-49E1-8A5A-393C37425F43}C:\users\louisa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\louisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4B447191-32F3-4A9F-9A26-BD46ECBF1C09}C:\users\louisa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\louisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{48EDBA21-84B6-4441-83E2-D7FB7CFA1E7F}C:\users\louisa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\louisa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8DD5E38A-4D3D-4062-A6C3-0BADBA16BBE9}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.exe
FirewallRules: [{71AF43EA-A416-4FB4-9391-54D0B7AB27F4}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.exe
FirewallRules: [{664DAB79-150F-4663-9615-EE61745BFD41}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.Service.exe
FirewallRules: [{BDDFD970-5A7D-416E-8E88-DBDDBBDD6204}] => (Allow) C:\Program Files (x86)\webcam 7\webcam7.Service.exe
FirewallRules: [TCP Query User{3CAEE627-1D99-4D0C-A06F-D3EA3602C3AC}C:\program files (x86)\webcam 7\webcam7.exe] => (Block) C:\program files (x86)\webcam 7\webcam7.exe
FirewallRules: [UDP Query User{56EBD390-A636-4FC5-9C6B-8D0E50A62E66}C:\program files (x86)\webcam 7\webcam7.exe] => (Block) C:\program files (x86)\webcam 7\webcam7.exe
FirewallRules: [TCP Query User{90860EE6-BEA8-4423-9375-1040DD4AA8E3}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{810086B3-7587-4030-80BE-082C6B7E1695}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{4100C7F9-D5AF-4614-A1E5-A2E8AB13DBDA}] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{2DE9F684-3ACA-4322-8E26-4EC019F5835B}] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{0EFA86D1-C190-4974-BEFF-A91EEF110ED2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/08/2015 08:13:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a08
Startzeit: 01d0a1fb60af2daa
Endzeit: 32
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: fd0bdc12-0e09-11e5-9ca3-bcaec55f63db
Error: (06/08/2015 10:03:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5075930
Error: (06/08/2015 10:03:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5075930
Error: (06/08/2015 10:03:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/08/2015 08:39:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2091
Error: (06/08/2015 08:39:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2091
Error: (06/08/2015 08:39:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/08/2015 08:39:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061
Error: (06/08/2015 08:39:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061
Error: (06/08/2015 08:39:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/09/2015 05:14:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f081f fehlgeschlagen: Windows Update Core
Error: (06/09/2015 01:08:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f081f fehlgeschlagen: Windows Update Core
Error: (06/09/2015 08:06:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f081f fehlgeschlagen: Windows Update Core
Error: (06/09/2015 03:05:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f081f fehlgeschlagen: Windows Update Core
Error: (06/08/2015 10:03:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f081f fehlgeschlagen: Windows Update Core
Error: (06/08/2015 08:13:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error: (06/08/2015 08:13:02 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error: (06/08/2015 08:12:59 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error: (06/08/2015 08:12:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Error: (06/08/2015 08:12:53 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
Microsoft Office:
=========================
Error: (06/08/2015 08:13:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567a0801d0a1fb60af2daa32C:\Windows\Explorer.EXEfd0bdc12-0e09-11e5-9ca3-bcaec55f63db
Error: (06/08/2015 10:03:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5075930
Error: (06/08/2015 10:03:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5075930
Error: (06/08/2015 10:03:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/08/2015 08:39:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2091
Error: (06/08/2015 08:39:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2091
Error: (06/08/2015 08:39:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/08/2015 08:39:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061
Error: (06/08/2015 08:39:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061
Error: (06/08/2015 08:39:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 51%
Total physical RAM: 6055.77 MB
Available physical RAM: 2950.93 MB
Total Pagefile: 12109.72 MB
Available Pagefile: 8674.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:20.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:34.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=327.8 GB) - (Type=OF Extended)
==================== End of log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Louisa (administrator) on R12-AEM1-27 on 09-06-2015 17:23:03
Running from C:\Users\Louisa\Downloads
Loaded Profiles: UpdatusUser & Louisa (Available Profiles: UpdatusUser & Louisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nfservice.exe
(Norman Safeground AS) C:\Program Files\Norman\Nse\bin\nseupdatesvc.exe
(Norman Safeground AS) C:\Program Files\Norman\Nvc\bin\nvcsvc.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nvoy.exe
(Norman Safeground AS) C:\Program Files\Norman\Ngs\bin\nprosec.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\nwscmon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zanda.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Spotify Ltd) C:\Users\Louisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\scheduler.exe
() C:\Program Files\Norman\Npm\Bin\njeeves2.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlh.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Norman Safeground AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Louisa\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Louisa\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Louisa\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Louisa\AppData\Roaming\Spotify\Spotify.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Louisa\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Norman ZANDA] => C:\Program Files\Norman\Npm\Bin\ZLH.EXE [88536 2014-08-26] (Norman Safeground AS)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-07] (Google Inc.)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [Facebook Update] => C:\Users\Louisa\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [Spotify] => C:\Users\Louisa\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [Spotify Web Helper] => "C:\Users\Louisa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\Run: [GoogleChromeAutoLaunch_B8050DFF4F24BBB17C69D489F2D5390E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\MountPoints2: {05ec7609-5f04-11e4-badf-bcaec55f63db} - F:\Startme.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\MountPoints2: {0df2617f-3364-11e4-bab4-bcaec55f63db} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\MountPoints2: {2c4f2250-4936-11e3-9b44-bcaec55f63db} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\MountPoints2: {3ab95135-1057-11e4-9300-bcaec55f63db} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\...\MountPoints2: {8df8a0a9-4883-11e0-94f4-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\Run: [Spotify Web Helper] => C:\Users\Louisa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\Run: [Spotify] => C:\Users\Louisa\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: {05ec7609-5f04-11e4-badf-bcaec55f63db} - G:\Startme.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: {0df2617f-3364-11e4-bab4-bcaec55f63db} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: {2c4f2250-4936-11e3-9b44-bcaec55f63db} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: {3ab95135-1057-11e4-9300-bcaec55f63db} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: {d950d664-9d55-11e4-9cc6-bcaec55f63db} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\...\MountPoints2: {dd13257f-b168-11e4-9931-bcaec55f63db} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-05] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2010-12-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-03-07]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2011-03-07]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-04-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1308098430-1506930464-3000473889-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1308098430-1506930464-3000473889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 -> {59EF53E4-5719-4F8C-A7D7-29FC4D0E8245} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=60D7AED4-98D4-4619-9A20-E8F386ADE084&apn_sauid=7114B921-E439-414B-B4C5-4D6858EE81DA
SearchScopes: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-1308098430-1506930464-3000473889-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1308098430-1506930464-3000473889-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-17] (Oracle Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1308098430-1506930464-3000473889-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Louisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-03-15] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-11]
Chrome:
=======
CHR Profile: C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-15]
CHR Extension: (Google Docs) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-07]
CHR Extension: (Google Drive) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-07]
CHR Extension: (YouTube) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07]
CHR Extension: (Adblock Plus) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-22]
CHR Extension: (Google Search) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-12-29]
CHR Extension: (Google Sheets) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-15]
CHR Extension: (Catconvert.com extension) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpicomjaoadgifcfphifpplbfckhnfjp [2014-12-18]
CHR Extension: (Bookmark Manager) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Stealthy) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2015-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Louisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 nfservice; C:\Program Files\Norman\npm\bin\nfservice.exe [196072 2015-02-16] (Norman Safeground AS)
R3 NJeeves2; C:\Program Files\Norman\Npm\Bin\Njeeves2.exe [179080 2014-11-26] ()
R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [456664 2014-06-23] (Norman Safeground AS)
R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [140032 2014-10-14] (Norman Safeground AS)
R2 nseupdatesvc; C:\Program Files\Norman\nse\bin\nseupdatesvc.exe [261992 2015-02-16] (Norman Safeground AS)
R2 nvcsvc; C:\Program Files\Norman\nvc\bin\nvcsvc.exe [403608 2015-03-23] (Norman Safeground AS)
R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [249120 2014-06-18] (Norman Safeground AS)
R2 NWSCMON; C:\Program Files\Norman\Npm\Bin\nwscmon.exe [231008 2014-08-18] (Norman Safeground AS)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [199680 2014-06-18] (Norman Safeground AS)
S3 w7Svc; C:\Program Files (x86)\webcam 7\webcam7.Service.exe [3403760 2014-07-15] (Moonware Studios)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-12] (Disc Soft Ltd)
R3 gzflt; C:\Program Files\Norman\nvc\bin\gzflt.sys [155912 2015-02-16] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [23488 2014-06-17] (Norman Safeground AS)
R3 NNetSecC; C:\Program Files\Norman\ngs\bin\nnetsecc64.sys [55408 2014-06-17] (Norman Safeground AS)
R1 NNetSecL; C:\Windows\System32\DRIVERS\nnetsecl64.sys [34440 2011-08-11] (Norman ASA)
R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2014-08-27] (Norman Safeground AS)
R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2014-10-14] (Norman Safeground AS)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-02-16] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-09 17:23 - 2015-06-09 17:23 - 00029585 _____ C:\Users\Louisa\Downloads\FRST.txt
2015-06-09 17:22 - 2015-06-09 17:23 - 00000000 ____D C:\FRST
2015-06-09 17:22 - 2015-06-09 17:22 - 02108928 _____ (Farbar) C:\Users\Louisa\Downloads\FRST64.exe
2015-06-09 17:21 - 2015-06-09 17:21 - 01147904 _____ (Farbar) C:\Users\Louisa\Downloads\FRST.exe
2015-06-09 17:21 - 2015-06-09 17:21 - 00000544 _____ C:\Users\Louisa\Downloads\defogger_disable.log
2015-06-09 17:21 - 2015-06-09 17:21 - 00000168 _____ C:\Users\Louisa\defogger_reenable
2015-06-09 17:19 - 2015-06-09 17:19 - 00380416 _____ C:\Users\Louisa\Downloads\sytkgtuo.exe
2015-06-09 17:18 - 2015-06-09 17:18 - 00050477 _____ C:\Users\Louisa\Downloads\Defogger.exe
2015-06-05 12:35 - 2015-06-08 20:14 - 00000000 ____D C:\Users\Louisa\Desktop\Handy
2015-06-01 11:50 - 2015-06-01 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2015-05-31 21:31 - 2015-05-31 21:32 - 00000000 ____D C:\Users\Louisa\.mediathek3
2015-05-31 21:28 - 2015-05-31 21:29 - 31682440 _____ C:\Users\Louisa\Downloads\MediathekView_9.zip
2015-05-26 14:55 - 2015-06-02 13:50 - 00000000 ____D C:\Users\Louisa\Documents\AaronBewerbungen
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-09 17:21 - 2013-04-02 00:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 17:21 - 2011-07-21 12:12 - 00000000 ____D C:\Users\Louisa
2015-06-09 17:17 - 2014-12-10 12:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-09 17:15 - 2015-02-16 14:03 - 00010143 _____ C:\Windows\setupact.log
2015-06-09 17:15 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 17:15 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 17:14 - 2011-03-07 06:50 - 02018403 _____ C:\Windows\WindowsUpdate.log
2015-06-09 17:13 - 2013-12-26 19:13 - 00000000 ____D C:\Users\Louisa\AppData\Roaming\Spotify
2015-06-09 16:42 - 2011-03-07 07:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 14:39 - 2011-09-06 16:40 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1308098430-1506930464-3000473889-1001UA.job
2015-06-09 02:39 - 2011-09-06 16:40 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1308098430-1506930464-3000473889-1001Core.job
2015-06-08 20:42 - 2011-03-07 07:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 20:14 - 2009-08-04 11:51 - 00710616 _____ C:\Windows\system32\perfh007.dat
2015-06-08 20:14 - 2009-08-04 11:51 - 00153064 _____ C:\Windows\system32\perfc007.dat
2015-06-08 20:14 - 2009-07-14 07:13 - 01649480 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 18:53 - 2013-12-26 19:15 - 00000000 ____D C:\Users\Louisa\AppData\Local\Spotify
2015-06-08 16:57 - 2011-07-21 12:13 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2015-06-08 16:56 - 2012-08-31 13:39 - 00000000 ____D C:\Program Files\Norman
2015-06-08 16:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 16:27 - 2014-11-14 22:10 - 00245760 ___SH C:\Users\Louisa\Desktop\Thumbs.db
2015-06-01 00:38 - 2013-01-07 17:51 - 00000000 ____D C:\Users\Louisa\AppData\Roaming\vlc
2015-05-30 11:25 - 2015-01-20 15:04 - 00000000 ____D C:\Users\Louisa\Desktop\Fotos zum ausdrucken
2015-05-28 19:46 - 2011-07-21 18:41 - 00000000 ____D C:\Users\Louisa\AppData\Roaming\Skype
2015-05-21 17:51 - 2014-12-10 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 17:51 - 2014-12-10 12:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 21:56 - 2015-04-22 08:26 - 00014913 _____ C:\Users\Louisa\Desktop\Tourenplan Karlsberg Weizen Sampling 2015 ******* *******.xlsx
2015-05-19 20:37 - 2011-03-07 07:30 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 20:37 - 2011-03-07 07:30 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2013-07-27 14:40 - 2014-12-10 12:42 - 0000095 _____ () C:\Users\Louisa\AppData\Roaming\WB.CFG
2013-06-23 02:43 - 2013-06-23 02:43 - 0000005 _____ () C:\Users\Louisa\AppData\Roaming\WBPU-Q2-TTL.DAT
2014-01-02 23:31 - 2014-01-03 01:40 - 0000005 _____ () C:\Users\Louisa\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-22 01:40 - 2014-01-15 02:40 - 0000005 _____ () C:\Users\Louisa\AppData\Roaming\WBPU-TTL.DAT
2011-08-30 21:51 - 2013-02-01 22:13 - 0006656 _____ () C:\Users\Louisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-07 10:00 - 2013-08-07 10:00 - 0051157 _____ () C:\Users\Louisa\AppData\Local\InfoBirdPro.crx
2014-03-24 21:51 - 2014-03-24 21:51 - 0004096 ____H () C:\Users\Louisa\AppData\Local\keyfile3.drm
2012-06-12 13:56 - 2012-06-12 13:57 - 38854712 _____ () C:\Users\Louisa\AppData\Local\T.wav
2014-12-30 10:53 - 2014-12-30 10:53 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-05 19:38 - 2014-02-05 19:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-03-07 07:52 - 2010-07-07 02:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-03-07 07:27 - 2011-03-07 07:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-07 07:26 - 2011-03-07 07:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\Louisa\AppData\Local\Temp\13077574224658429547.exe
C:\Users\Louisa\AppData\Local\Temp\AutoRun.exe
C:\Users\Louisa\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Louisa\AppData\Local\Temp\eauninstall.exe
C:\Users\Louisa\AppData\Local\Temp\First15.exe
C:\Users\Louisa\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Louisa\AppData\Local\Temp\ICReinstall_13077574224658429547.exe
C:\Users\Louisa\AppData\Local\Temp\JDSetup130775742227193186.exe
C:\Users\Louisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Louisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Louisa\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Louisa\AppData\Local\Temp\VP6Install.exe
C:\Users\Louisa\AppData\Local\Temp\VP6VFW.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-03 13:14
==================== End of log ============================