Pests of all kinds and how to combat them: PC after Positive Finds infection (Windows 7)
21.02.2015, 14:38 | #1 |
Hello everyone,

On 16.02 I picked up Positive Finds via the Free Youtube Downloader from DVDVideoSoft. The PC is now free of symptoms, but before I change my passwords and put the browser back into normal use, it would be nice if you could take a look to see whether all traces have really been removed. Log files exist, although I have lost some positive Avira, AdwCleaner and JRT logs from the first few days. I can offer the following:

FRST
- 18-02-2015 23:56:56
- 19-02-2015 00:33:50
- 19-02-2015 05:13:38
- 19-02-2015 19:22:55
- 20-02-2015 21:56:30

GMER
- 2015-02-19 00:18:33

Malwarebytes
- Positive 2015-02-18 (14-02-37)
- Positive mbam-log-2015-02-19 (00-47-51)
- negative since then.
Mbam protection logs 18.02, 19.02, 20.02, 21.02, all with detections

Malwarebytes Anti Rootkit
- ran several times, all negative

AdwCleaner
- 19/02/2015 at 17:31:39
- negative since then

JRT
- positive on 18.02 (lost)
- negative since then

ESET
- Positive, all Adw quarantine 19.02.15 11:23:17
- Positive 2015-02-19 03:28:19
- negative since then.

herdProtect
- Positive 18-02-15 22-37
- Positive 18.02.15 23-46
- Positive 19-02-15 20-37

Avira
- positive on 17.02 (lost)
- negative since then.

To avoid overloading the thread unnecessarily, I will wait to see which of these my helper actually considers relevant and then post it right away.

In any case, a thousand thanks in advance,
Nymph
21.02.2015, 14:59 | #2 |
/// the machine /// TB-Ausbilder

hi,

fresh FRST logs please. Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
21.02.2015, 15:19 | #3 |
FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01 Ran by Laura (administrator) on TYSIA on 21-02-2015 15:15:34 Running from C:\Users\Laura\Contacts\Desktop Loaded Profiles: Laura & (Available profiles: Laura & Catsitter & Administrator) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [] => [X] HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) 
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\Explorer: [] HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [] HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) 
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: [] HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\Explorer: [] HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe 
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2 
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe IFEO\appvlp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\cvh.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\divxcontrolpanellauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\hpwucli.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\icloud.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\iclouddrive.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\icloudweb.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\lync.exe: [Debugger] "C:\Program Files\TuneUp 
Utilities 2013\TUAutoReactivator32.exe" IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msoev.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msotd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msouc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\setlang.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\sftdde.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 
15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-3161636880-329456100-441217609-1005\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com 
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = 
hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir= SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011 SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir= SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011 SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir= SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011 SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = 
hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir= SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011 SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir= SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011 SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir= SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files\Hewlett-Packard\Smart Print 2.7\Espresso.dll (Hewlett-Packard) Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\biV8Jwpq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\biV8Jwpq.default\Extensions\abs@avira.com [2015-02-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Star Stable Online) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhalcddeebgbegbfkgngofgldddanae\1.0.0.5_0\npstudioruntime.dll (World of Horsecraft AB)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 8.0.110.12) - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 8 U11) - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (A Quotation) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpohheobbibbehfjogminpinjhlpmg [2015-02-20] CHR Extension: (StudyMode.com) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\afhaomgjckjnioommpjdnanglalimoon [2015-02-20] CHR Extension: (oTranscribe) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcepnaeajjgbbagpgaihnljdadhhibb [2015-02-20] CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-02-20] CHR Extension: (Newsela) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpeiapdhnegnfcfkdfihabadngjagfj [2015-02-20] CHR Extension: (Todoist for Chromebook) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2015-02-20] CHR Extension: (Quizlet) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2015-02-20] CHR Extension: (Gliffy Diagrams) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2015-02-20] CHR Extension: (WOT) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-19] CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20] CHR Extension: (CurriculumLoft) - C:\Users\Laura\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bnmoibmekgcegldojdjnhjfhcjkhoihd [2015-02-20] CHR Extension: (FastFig) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bogefeobnkbodnohkifkjfdipjmdljkd [2015-02-20] CHR Extension: (EasyBib) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe [2015-02-20] CHR Extension: (Flashcard Stash) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgopclnilgekngdlkfkegddejocmmmim [2015-02-20] CHR Extension: (Bookalize) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibmloalinjcpcboimmeibmdhonfhad [2015-02-20] CHR Extension: (Wörterbuch Latein) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmklgjkhbekncoffnedmenihggbcbpd [2015-02-20] CHR Extension: (iVocab: GRE, TOEFL and SAT) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddbfkngjokojcmmadaaipmjiacnnmgbl [2015-02-20] CHR Extension: (Davitily Math Academy) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2015-02-20] CHR Extension: (Brilliant) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhbliilafdkodaijeejngbjiiaccl [2015-02-20] CHR Extension: (Type Scout) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2015-02-20] CHR Extension: (Avira Browser Safety) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06] CHR Extension: (Science Penguin) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gimenpegjajnbdolclaoenakboibojfd [2015-02-20] CHR Extension: (Days Until) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoncaelhmjienakbbocmlceofcjpdlg [2015-02-20] CHR Extension: (Google Calendar (by Google)) - C:\Users\Laura\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-02-20] CHR Extension: (Typo Express) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\haijhjgfgmgemgjeoomhobpcfgekifcj [2015-02-20] CHR Extension: (Pomodoro Timer) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgjlgjnpkpmnpojkkpfkogapiclopop [2015-02-20] CHR Extension: (KanbanFlow) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhlbmjihokflibmbfmldajolmkaemhi [2015-02-20] CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2015-02-20] CHR Extension: (Popular Math) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldopnmmmjmhibkkhjihpejkbpnnnmkm [2015-02-20] CHR Extension: (Google Keep - notes and lists) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-02-20] CHR Extension: (Cram.com Flashcards) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnbbdmpeahiaeeiadlfamiomkomeijh [2015-02-20] CHR Extension: (wikiHow Survival Kit) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl [2015-02-20] CHR Extension: (Memrise) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanemchpnjhopmgcmmjhjcniogmoooc [2015-02-20] CHR Extension: (Anatomy Games) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbplkkegndhkgnendpdhcffamoplajga [2015-02-20] CHR Extension: (RechnungXXL) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpokejaigabbkedehdmkdoblcamilok [2015-02-20] CHR Extension: (ProProfs Flashcards Software) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgkcoagcbljcbdnapoioiifghiioaba [2015-02-20] CHR Extension: (Star Stable Online starstable.sat1spiele.de) - 
C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhalcddeebgbegbfkgngofgldddanae [2015-02-18] CHR Extension: (iDoneThis) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokihmieoechcdpifjfhokeamedacaed [2015-02-20] CHR Extension: (Word Counter Notepad - Counts what you write.) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbmbpobpcglgjninpmpmdocbjdjimid [2015-02-20] CHR Extension: (Ghostery) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-20] CHR Extension: (Math Science Engineering Calculators) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaaclhkigagfmmmejenjpgjmemgkipa [2015-02-20] CHR Extension: (DropTask) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbjipcefkmoefanpmoknoeagoaokhifa [2015-02-20] CHR Extension: (TeacherTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbnaepfkikcjdhaciekglfcjnfbgpmdn [2015-02-20] CHR Extension: (BrainShare) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nokdnmolecgbjheobnnnloifgilgimof [2015-02-20] CHR Extension: (TypingClub) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-02-20] CHR Extension: (Artezio Chronometers) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfanegcbhiaecibiehjcgobhbaibepg [2015-02-20] CHR Extension: (Wunderlist for Chrome) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2015-02-20] CHR Extension: (Freelancy Time Tracker) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2015-02-20] CHR Extension: (Reference.com) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooffafbjcjgjinobbfdgkefebeiodngk [2015-02-20] CHR 
Extension: (k-12 Mathematical Simulations) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\phibhpccfjfcchdcmkjlfflancpppomn [2015-02-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-11-10] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2014-11-10] (Flexera Software LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2013-03-08] (Advanced Micro Devices Inc.)
R0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15528 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [62592 2010-05-14] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [24192 2010-05-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [28464 2011-12-29] (COMPAL ELECTRONIC INC.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 ugtdipod; \??\C:\Users\Laura\AppData\Local\Temp\ugtdipod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 15:14 - 2015-02-21 15:14 - 00000000 _____ () C:\Users\Laura\defogger_reenable
2015-02-21 03:02 - 2015-02-21 03:02 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-20 19:08 - 2015-02-20 19:08 - 00132100 _____ () C:\Windows\PFRO.log
2015-02-20 16:45 - 2015-02-20 16:45 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Avira
2015-02-20 16:44 - 2015-02-20 16:41 - 00037384 _____ (Avira Operations GmbH & Co.
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-02-20 16:40 - 2015-02-20 16:40 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Mozilla 2015-02-20 16:35 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-20 16:35 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-20 16:35 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-02-20 16:35 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-02-20 16:29 - 2015-02-20 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-20 16:03 - 2015-02-20 19:08 - 00000112 _____ () C:\Windows\setupact.log 2015-02-20 16:03 - 2015-02-20 16:03 - 00459320 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-20 16:03 - 2015-02-20 16:03 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-20 00:17 - 2015-02-20 00:17 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-20 00:17 - 2015-02-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-20 00:06 - 2015-02-20 00:06 - 00117776 _____ () C:\Users\Laura\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-20 00:05 - 2015-02-20 00:13 - 00000000 ____D () C:\Users\Laura\Downloads\chrome-youtube-downloader-2.6.20 2015-02-20 00:02 - 2015-02-20 00:02 - 00099158 _____ () C:\Users\Laura\Downloads\chrome-youtube-downloader-2.6.20.zip 2015-02-19 17:26 - 2015-02-21 13:31 - 00000000 ____D () C:\AdwCleaner 2015-02-19 11:29 - 2015-02-19 11:29 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-02-19 11:28 - 2015-02-20 21:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-19 05:16 - 2015-02-19 11:45 - 00000000 ____D () C:\Program Files\ESET 2015-02-18 21:42 - 2015-02-21 15:15 - 00000000 ____D () C:\FRST 2015-02-18 21:32 - 2015-02-18 21:32 - 00001230 _____ () 
C:\Users\Public\Desktop\herdProtect.lnk 2015-02-18 21:32 - 2015-02-18 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect 2015-02-18 21:32 - 2015-02-18 21:32 - 00000000 ____D () C:\Program Files\Reason 2015-02-18 19:28 - 2015-02-18 19:28 - 00000000 ____D () C:\Users\Laura\Tracing 2015-02-18 19:27 - 2015-02-18 19:27 - 00000000 ___RD () C:\Program Files\Skype 2015-02-18 19:27 - 2015-02-18 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-02-18 19:27 - 2015-02-18 19:27 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-02-18 16:16 - 2015-02-18 16:17 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-02-18 14:00 - 2015-02-21 13:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-18 13:59 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-18 13:59 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-18 13:59 - 2015-02-18 13:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-18 13:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-18 13:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-18 13:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-17 14:24 - 2015-02-18 13:05 - 00000000 ____D () C:\Users\Laura\AppData\Local\EvernoteNW 2015-02-17 00:16 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2015-02-17 00:16 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2015-02-17 00:10 - 2015-02-17 00:10 - 00002111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk 2015-02-17 
00:10 - 2015-02-17 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 2015-02-17 00:10 - 2013-12-10 18:43 - 00032568 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2015-02-16 23:59 - 2015-02-16 23:59 - 00000000 ____D () C:\Users\Catsitter\AppData\Local\Apple Computer 2015-02-16 16:09 - 2015-02-19 04:49 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-02-15 22:54 - 2015-02-15 22:54 - 00002211 _____ () C:\Users\Laura\AppData\Local\recently-used.xbel 2015-02-15 22:50 - 2015-02-15 22:54 - 00000000 ____D () C:\Users\Laura\AppData\Local\gtk-2.0 2015-02-11 00:31 - 2015-02-11 00:31 - 00001353 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDMaker - Shortcut.lnk 2015-02-11 00:26 - 2015-02-11 00:26 - 00000000 ____D () C:\Users\Laura\Documents\My Weblog Posts 2015-02-10 23:33 - 2015-02-10 23:33 - 00000000 ____D () C:\Users\Laura\Documents\The Lord of the Rings Online 2015-02-10 23:30 - 2015-02-18 16:17 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Player 2015-02-10 22:17 - 2015-02-11 00:35 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creatives 2015-02-10 20:37 - 2015-02-10 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-02-09 05:48 - 2015-02-20 16:34 - 00000000 ____D () C:\Program Files\Avira 2015-02-09 02:50 - 2015-02-09 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2015-02-09 02:49 - 2015-02-09 02:49 - 00000000 ____D () C:\Program Files\Evernote 2015-02-09 00:57 - 2015-02-19 17:44 - 00000000 ___RD () C:\Users\Laura\.thumbnails 2015-02-09 00:47 - 2015-02-15 22:54 - 00000000 ____D () C:\Users\Laura\.gimp-2.8 2015-02-09 00:47 - 2015-02-09 00:47 - 00000000 ____D () C:\Users\Laura\AppData\Local\gegl-0.2 2015-02-09 00:47 - 2015-02-09 00:47 - 00000000 ____D () 
C:\Users\Laura\AppData\Local\fontconfig 2015-02-09 00:39 - 2009-07-14 02:14 - 01971200 _____ (Microsoft Corporation) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDMaker.exe 2015-02-09 00:31 - 2015-02-09 00:31 - 00000000 ____D () C:\Users\Public\CyberLink 2015-02-09 00:31 - 2010-01-06 22:37 - 00415016 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerDVDCopy.exe 2015-02-09 00:30 - 2009-12-03 00:37 - 02684200 _____ (CyberLink Corp.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power2GoExpress.exe 2015-02-09 00:29 - 2009-12-03 00:32 - 02508072 _____ (CyberLink Corp.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power2Go.exe 2015-02-09 00:28 - 2010-01-15 22:47 - 00664872 _____ (CyberLink Corp.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LabelPrint.exe 2015-02-09 00:18 - 2011-06-01 16:57 - 00561984 _____ (Apple Inc.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareUpdate.exe 2015-02-09 00:08 - 2015-02-10 22:19 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2015-02-09 00:07 - 2015-02-08 00:11 - 00001012 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shareaza.lnk 2015-02-09 00:07 - 2014-07-07 20:18 - 00002505 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skype.lnk 2015-02-09 00:07 - 2011-11-25 20:23 - 00001124 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2015-02-09 00:07 - 2011-10-28 15:34 - 00001121 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! 
Messenger.lnk 2015-02-09 00:06 - 2015-02-08 16:22 - 00001717 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTunes.lnk 2015-02-09 00:06 - 2015-02-08 01:23 - 00001181 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wp7EasyBackup.lnk 2015-02-09 00:02 - 2014-07-21 14:22 - 00001971 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetBeans IDE 8.0.lnk 2015-02-09 00:02 - 2014-07-21 13:59 - 00001992 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Java Mission Control.lnk 2015-02-09 00:02 - 2012-11-29 01:26 - 00002114 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lotro.lnk 2015-02-08 23:57 - 2015-02-08 02:28 - 00001322 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wordpad.lnk 2015-02-08 23:57 - 2015-01-15 06:52 - 00000896 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote.lnk 2015-02-08 23:57 - 2014-07-11 02:38 - 00002458 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business 2013.lnk 2015-02-08 23:57 - 2013-10-03 17:30 - 00002516 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoPath Designer 2013.lnk 2015-02-08 23:57 - 2013-10-03 17:30 - 00002496 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoPath Filler 2013.lnk 2015-02-08 23:57 - 2013-10-03 17:30 - 00002455 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word 2013.lnk 2015-02-08 23:57 - 2013-10-03 17:30 - 00002451 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel 2013.lnk 2015-02-08 23:57 - 2013-10-03 17:30 - 00002441 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\An OneNote 2013 senden.lnk 2015-02-08 23:57 - 2013-10-03 17:30 - 00002430 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\PowerPoint 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002406 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lync 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002405 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Publisher 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002372 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Access 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002369 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002341 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook 2013.lnk
2015-02-08 21:09 - 2013-10-03 17:28 - 01804512 _____ () C:\WindowsGABRIOLA.tt2
2015-02-08 20:27 - 2015-02-08 20:27 - 00000000 ____D () C:\Users\Laura\.jmc
2015-02-08 20:27 - 2015-02-08 20:27 - 00000000 ____D () C:\Users\Laura\.eclipse
2015-02-08 16:45 - 2015-02-17 15:15 - 00000000 ____D () C:\Users\Laura\Downloads\Icons and Vectors
2015-02-08 02:08 - 2015-02-10 22:19 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 ____D () C:\Wp7EasyBackup
2015-02-08 00:12 - 2015-02-08 00:12 - 00000000 ____D () C:\Users\Laura\AppData\Local\Shareaza
2015-02-08 00:11 - 2015-02-08 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
2015-02-08 00:11 - 2015-02-08 00:12 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Shareaza
2015-02-08 00:09 - 2015-02-08 02:35 - 00000000 ____D () C:\Program Files\Shareaza
2015-02-08 00:07 - 2015-02-08 00:24 - 00000000 ____D () C:\Shareaza_2.7.8.0
2015-02-07 23:23 - 2015-02-08 00:42 - 00000000 ____D () C:\Program Files\GIMP 2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 15:15 - 2013-02-25 05:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 15:15 - 2011-10-28 13:31 - 01103776 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 15:14 - 2011-10-28 13:32 - 00000000 ____D () C:\Users\Laura
2015-02-20 19:17 - 2014-07-09 16:01 - 00000000 ___RD () C:\Users\Laura\Downloads\Programme Setups
2015-02-20 19:16 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:16 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 16:34 - 2013-08-06 23:04 - 00000000 ____D () C:\ProgramData\Avira
2015-02-20 16:25 - 2014-08-05 11:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-20 00:17 - 2014-10-17 12:38 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-20 00:17 - 2014-09-17 09:48 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 00:16 - 2014-09-17 09:48 - 00000000 ____D () C:\Program Files\iPod
2015-02-20 00:16 - 2012-10-11 16:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-20 00:06 - 2013-12-25 02:36 - 00105903 _____ () C:\Users\Laura\Downloads\chrome-youtube-downloader-2.6.20.crx
2015-02-19 04:53 - 2012-10-14 17:18 - 00000000 __SHD () C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2015-02-19 02:10 - 2011-11-03 14:24 - 00000000 ____D () C:\Users\Laura\AppData\Local\Windows Live
2015-02-19 00:42 - 2011-10-28 13:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 00:42 - 2011-10-28 13:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 21:13 - 2013-05-01 13:01 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Skype
2015-02-18 19:27 - 2013-05-01 13:00 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 17:45 - 2012-10-14 17:37 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\TuneUp Software
2015-02-18 17:30 - 2012-10-14 17:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-18 16:18 - 2013-10-03 17:24 - 00000000 ____D () C:\Program Files\Microsoft Office 2013
2015-02-18 13:11 - 2014-10-08 06:50 - 00000000 ___RD () C:\Users\Laura\iCloudDrive
2015-02-18 13:07 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-18 10:38 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Laura\AppData\Local\Akamai
2015-02-17 00:15 - 2012-10-14 17:37 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2015-02-17 00:00 - 2013-01-17 10:58 - 00000000 ____D () C:\Users\Catsitter\AppData\Roaming\Apple Computer
2015-02-16 06:34 - 2009-07-14 03:04 - 00000497 _____ () C:\Windows\win.ini
2015-02-15 22:00 - 2011-10-28 13:36 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Adobe
2015-02-14 16:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 15:12 - 2014-10-08 06:55 - 00000000 ____D () C:\Users\Laura\AppData\Local\20FF9895-9903-4559-85FC-E4E697E8854B.aplzod
2015-02-12 07:11 - 2012-10-11 16:41 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Apple Computer
2015-02-12 07:11 - 2012-10-11 16:41 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apple Computer
2015-02-11 00:52 - 2011-11-02 15:41 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\TS3Client
2015-02-11 00:40 - 2010-11-12 00:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-11 00:26 - 2012-04-13 15:03 - 00000000 ____D () C:\Users\Laura\AppData\Local\Windows Live Writer
2015-02-10 23:45 - 2012-03-10 12:45 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-10 23:38 - 2011-11-02 15:10 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-02-10 23:37 - 2010-09-15 14:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-10 21:59 - 2012-10-11 16:35 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apple
2015-02-10 11:52 - 2012-05-29 01:37 - 00117776 _____ () C:\Users\Catsitter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-10 11:50 - 2012-05-29 01:36 - 00000000 ____D () C:\Users\Catsitter
2015-02-09 05:27 - 2014-11-10 11:57 - 00000000 ____D () C:\Autodesk
2015-02-09 03:03 - 2010-09-15 14:43 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-09 02:52 - 2014-07-11 14:50 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:54 - 2012-10-11 16:35 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-09 00:34 - 2011-10-28 15:55 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\DivX
2015-02-09 00:31 - 2011-10-30 02:23 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\CyberLink
2015-02-09 00:31 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 00:14 - 2012-01-31 21:03 - 00000000 ____D () C:\Users\Laura\AppData\Local\Adobe
2015-02-08 22:18 - 2012-05-07 21:43 - 00000000 ___RD () C:\Users\Laura\Documents\Hauswirtschaft
2015-02-08 21:16 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-08 21:09 - 2013-10-03 17:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-08 16:09 - 2014-09-01 01:19 - 00000000 ____D () C:\Users\Laura\Documents\Magazine
2015-02-08 14:32 - 2014-07-11 14:38 - 00000000 ____D () C:\Users\Laura\AppData\Local\HP
2015-02-08 14:32 - 2013-02-21 08:42 - 00000000 ____D () C:\Users\Laura\AppData\Local\PluginCompendium
2015-02-08 14:32 - 2012-11-28 21:33 - 00000000 ____D () C:\Users\Laura\.swt
2015-02-08 14:32 - 2012-02-01 22:02 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\dvdcss
2015-02-08 14:32 - 2011-11-08 17:12 - 00000000 ____D () C:\Users\Laura\AppData\Local\Turbine
2015-02-08 14:32 - 2011-10-28 13:32 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-08 14:32 - 2011-10-28 13:32 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-08 14:31 - 2014-11-10 13:30 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Java Development Kit
2015-02-08 14:31 - 2014-02-24 13:03 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Java
2015-02-08 14:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-08 14:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-08 01:10 - 2014-10-13 14:08 - 00000000 ____D () C:\Users\Laura\Documents\Life Management
2015-02-07 23:40 - 2010-07-06 21:23 - 00809232 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 23:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 20:15 - 2013-02-25 05:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 20:15 - 2013-02-25 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-11-08 17:12 - 2011-11-08 17:12 - 0000093 _____ () C:\Users\Laura\AppData\Local\fusioncache.dat
2015-02-15 22:54 - 2015-02-15 22:54 - 0002211 _____ () C:\Users\Laura\AppData\Local\recently-used.xbel
2013-09-02 15:34 - 2013-09-02 15:34 - 0000017 _____ () C:\Users\Laura\AppData\Local\resmon.resmoncfg
2014-07-11 14:49 - 2014-07-11 14:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-05 13:51 - 2014-10-05 13:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-03-10 12:45 - 2015-02-10 23:45 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-11-10 12:48 - 2014-11-10 12:48 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Catsitter\AppData\Local\Temp\avgnt.exe
C:\Users\Laura\AppData\Local\Temp\avgnt.exe
C:\Users\Laura\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Laura\AppData\Local\Temp\HPPSdr.exe
C:\Users\Laura\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Laura\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Laura\AppData\Local\Temp\Setup.x86.de-DE_ProPlusRetail_XFYDJ-8N7VQ-6YCWB-2VXRP-3YF3D_act_1_.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-20 20:28

==================== End Of Log ============================

--- --- ---

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
Ran by Laura at 2015-02-21 15:16:31
Running from C:\Users\Laura\Contacts\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{586647DB-C4AC-6691-FD95-9A1B3B603502}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2010.0930.2237.38732 - ATI) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Evernote v. 5.8.3 (HKLM\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{61268BF7-3EC8-4CDC-922B-C8F718A0D46F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Print 2.7 (HKLM\...\{06B3D8C2-AAF2-4154-A4BD-71806AC41172}) (Version: 2.7.0.238 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java SE Development Kit 8 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LOTRO Plugin Compendium (HKLM\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Română (HKLM\...\{90150000-001F-0418-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shareaza 2.7.8.0 (HKLM\...\Shareaza_is1) (Version: 2.7.8.0 - Shareaza Development Team)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.4000.179 - TuneUp Software)
TuneUp Utilities 2013 (Version: 13.0.4000.179 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.179 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\InprocServer32 -> C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC5}\InprocServer32 -> C:\Program Files\Shareaza\VirusTotal.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team)

==================== Restore Points =========================

20-02-2015 00:30:16 Windows 7 Service Pack 1
21-02-2015 03:00:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08251061-8C9E-4F9E-9C93-33ACFCAB6736} - System32\Tasks\{F9576C69-BA64-42CE-8842-189EA62ABA9F} => pcalua.exe -a I:\Setup.exe -d I:\
Task: {08F76391-B9CF-4BE0-B7BA-0CD75FDAAD58} - \Driver Booster SkipUAC (Laura) No Task File <==== ATTENTION
Task: {1891B555-4C37-4979-988A-1B7260EF256E} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {2E5C040A-1A02-4598-843B-681EC1735B25} - System32\Tasks\{8F158000-C2CC-4C5D-9591-A23BE9C60112} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\setup.exe" -d "C:\Program Files\InstallShield Installation Information\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}"
Task: {36A20614-A150-4C2E-ADDD-4A20FB4B7F5C} - System32\Tasks\{3A5DCAC7-B53A-49CC-AD8C-5D2E00DB4856} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\"
Task: {38DB3B4A-13A9-48BD-9636-33C4EC9992CB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {5EA5C6AB-10A0-42C6-B42E-7AA61E0B899D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {759C3EE7-4C81-4F91-88DE-CE7F7E2449E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {835095BE-A1DE-43DB-B2E8-0779607076F3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {86EEFBBD-E8F7-4608-A4AE-10BD2107B920} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A2413964-91BC-4C84-A816-508DEC800870} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A45B1DE8-888F-4DF6-BC88-2093CC0939FF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ACDDA307-9ADC-44E5-8B90-8EC1F23C591C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {D7D16B22-A9A0-47BF-89A1-DFF45EBD5BA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D9ABCF42-8789-49E6-9ADC-5CA81C62EE63} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-12-10] (TuneUp Software)
Task: {E7F313B0-9544-45D7-83E3-F033CC5261CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {EB2B8194-AFF3-4106-9C51-91E164F0A046} - System32\Tasks\{EF75C393-DCA7-4157-A2E6-D11990B0763B} => pcalua.exe -a "C:\Program Files\Avira\AntiVir Desktop\setup.exe" -d "C:\Program Files\TuneUp Utilities 2013" -c /REMOVE
Task: {F05B3057-F143-4215-AA01-9FDDEB4CE809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 18:45 - 2013-12-10 18:45 - 00500024 _____ () C:\Program Files\TuneUp Utilities 2013\avgreplibx.dll
2015-02-06 17:16 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 17:16 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 17:16 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Shareaza_2.7.8.0:Shareaza.GUID
AlternateDataStreams: C:\Users\Laura\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Laura\Downloads\Programme Setups:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3161636880-329456100-441217609-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Catsitter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Catsitter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Catsitter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3161636880-329456100-441217609-500 - Administrator - Disabled) => C:\Users\Administrator ASPNET (S-1-5-21-3161636880-329456100-441217609-1004 - Limited - Enabled) Catsitter (S-1-5-21-3161636880-329456100-441217609-1005 - Limited - Enabled) => C:\Users\Catsitter Guest (S-1-5-21-3161636880-329456100-441217609-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3161636880-329456100-441217609-1007 - Limited - Enabled) Laura (S-1-5-21-3161636880-329456100-441217609-1001 - Administrator - Enabled) => C:\Users\Laura ==================== Faulty Device Manager Devices ============= Name: G:\ Description: SD MS Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: H:\ Description: SMC xD Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. 
(Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: F:\ Description: CF Card Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (02/21/2015 03:16:57 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/21/2015 03:05:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (02/20/2015 09:15:23 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/20/2015 09:11:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/20/2015 08:29:39 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (02/21/2015 03:09:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 (KB976932). 
Error: (02/20/2015 09:26:52 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (02/21/2015 03:16:57 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe Error: (02/21/2015 03:05:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe Error: (02/20/2015 09:15:23 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe Error: (02/20/2015 09:11:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe Error: (02/20/2015 08:29:39 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe ==================== Memory info =========================== Processor: AMD Athlon(tm) II X3 440 Processor Percentage of memory in use: 68% Total physical RAM: 3327.29 MB Available physical RAM: 1043.18 MB Total Pagefile: 6652.86 MB 
Available Pagefile: 3685.98 MB Total Virtual: 3071.88 MB Available Virtual: 2932.32 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:900.41 GB) (Free:728.81 GB) NTFS Drive d: (Drive) (Fixed) (Total:30 GB) (Free:29.91 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=900.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
22.02.2015, 08:26 | #4 |
/// the machine /// TB trainer | PC after Positive Finds infection Apart from TuneUp, a billion add-ons in the browsers and 40% unnecessary entries on the machine, everything is fine, so I don't see any Positive Finds.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.02.2015, 15:03 | #5 |
| PC after Positive Finds infection Hey Schrauber, thanks for the effort. I'm glad my groundwork apparently wasn't that bad. I'm aware of the add-ons; there are a few I want to try out, and then they'll go again. TuneUp, well, I never found it all that bad; I've seen that this differs from the opinion here in the forum. I'm not a specialist and have phases in which I read up on things, but the knowledge also fades quickly once I go back to everyday life. So the simple cleanup suited me quite well. Are there alternatives for regular light cleanup, or detailed reading material on it? If you know of something, I'll gladly take tips. The 40% unnecessary entries: I'd love to get rid of them. What would the steps be? What still worries me: I went through the PC a bit further, as far as I'm able, and yesterday found this: C:/Users/Laura/AppData/Local/DDMSettings/settings.ddi The Google search was pretty alarming; the entry only showed up in FRST or HijackThis log files on forums, from infected machines. Does that mean anything to you? Nymph |
22.02.2015, 18:58 | #6 |
/// the machine /// TB trainer | PC after Positive Finds infection Quote:
Quote:
I'm surprised your browsers still start at all.
__________________ --> PC after Positive Finds infection |
22.02.2015, 22:59 | #7 |
| PC after Positive Finds infection And the C:/Users/Laura/AppData/Local/DDMSettings/settings.ddi doesn't bother you? OK, then I'll throw it out. |
23.02.2015, 16:47 | #8 |
/// the machine /// TB trainer | PC after Positive Finds infection I did say that for 3/4 of the log there is no guarantee of completeness
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |