Pests of all kinds and how to fight them: Constant crashing of all internet browsers (Windows 7)
20.10.2014, 18:35 | #1 |
Constant crashing of all internet browsers

No matter which browser I use, it crashes at irregular intervals. Without an error message. The window simply closes, regardless of the browser (I have tested IE, Firefox, Chrome). Afterwards I can reactivate the tabs via "Restore", but on password-protected pages I sometimes have to enter everything again. Downloads are not possible either, because everything has become far too unstable. Operating system: Windows 7, Lenovo Thinkpad notebook. I need your help, please.
20.10.2014, 18:47 | #2 |
/// the machine /// TB trainer | Constant crashing of all internet browsers

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
21.10.2014, 15:15 | #3 |
Constant crashing of all internet browsers

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 Ran by XXX (administrator) on XXX-THINK on 20-10-2014 20:09:51 Running from C:\Users\XXX\Downloads Loaded Profile: XXX (Available profiles: XXX) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Lenovo.) 
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Synaptics, Inc.) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe () C:\Windows\System32\vaultsvd.exe () C:\Program Files\ASUS\Printer Utilities\UsbService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Dropbox, Inc.) 
C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3110200 2011-06-10] (Lenovo Group Limited) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [433216 2011-10-20] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung) HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\...\Run: [GoogleChromeAutoLaunch_3DE93EBB1452A07E5EFE376DE1AED924] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.) AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_aw_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtC0A0AtB0FyDyEtC0BtCtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFyEtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StDyBtB0E0F0D0DyDtG0F0A0FzytG0DzyyCyEtGzy0DyDtDtGyD0B0B0B0CtA0CtA0BtAyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByE0FtD0CyE0AzztG0BtAyCyBtGyE0FyEtBtG0AyD0CzztGzz0CtDzytDzyyByCtC0EtAtA2QtN1B1L1H1Ezu1O2U1M1B&cr=707464660&ir= SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {A8945019-18BA-4ECC-B55E-160FD84D07CE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms} SearchScopes: HKCU - {E668679A-8755-47E1-B2EE-49D9FA828DB8} URL = BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{2FAD3965-D9E7-4811-8293-96B8EA3E110E}\{4E69839D-FEF0-47B1-8A81-4431DB720D2D}.bin (Download Protect) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF SelectedSearchEngine: Trovi search FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ff FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=69&CUI=&SSPV=SP21726TB_sp_ff&Lay=1&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.) FF user.js: detected! => C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{1100902D-4A07-442C-94E6-5EA504FA866B} [2014-09-26] FF HKLM\...\Firefox\Extensions: [{E8CC15B4-5BC5-4B84-BD03-232485DE6391}] - C:\Windows\Installer\{DBA5AAB4-B514-4439-852E-4C5A473387A6}\{E8CC15B4-5BC5-4B84-BD03-232485DE6391}.xpi FF Extension: Download Protect - C:\Windows\Installer\{DBA5AAB4-B514-4439-852E-4C5A473387A6}\{E8CC15B4-5BC5-4B84-BD03-232485DE6391}.xpi [2014-06-11] FF HKLM\...\Firefox\Extensions: [{36CBACBA-37D0-4A3B-BCE3-6520A5BA2BD8}] - C:\Windows\Installer\{CBD29F9D-67BA-4BE8-A200-7B427CA8FEA7}\{36CBACBA-37D0-4A3B-BCE3-6520A5BA2BD8}.xpi FF Extension: Download Protect - C:\Windows\Installer\{CBD29F9D-67BA-4BE8-A200-7B427CA8FEA7}\{36CBACBA-37D0-4A3B-BCE3-6520A5BA2BD8}.xpi [2014-10-17] FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012-09-11] FF Extension: No Name - C:\Windows\Installer\{FB9D7926-AF11-4E2A-91CA-DD7B68F3421D}\{FAD80C28-509D-48E1-B3C1-5B7F0B376134}.xpi [Not Found] Chrome: ======= CHR Profile: C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (Google Wallet) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21] CHR Extension: (Download 
Protect) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogmkbkadiaoolkhbhigbinbghlpcocdn [2014-10-19] CHR Extension: (Astromenda New Tab) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-01] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2011-10-20] (Lenovo) R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [269376 2011-10-20] (Lenovo) R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-15] (Intel Corporation) R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-04-23] (Intel(R) Corporation) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited) R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited) R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited) R2 ScrybeUpdater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368 2014-03-20] (TuneUp Software) R2 ucsvc32; C:\Windows\system32\vaultsvd.exe [65024 2012-09-15] () [File not signed] R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2759984 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-03-15] (Windows (R) Win 7 DDK provider) S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-03-15] (Windows (R) Win 7 DDK provider) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) 
[File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKslfeac8da9; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EAB071B0-2203-4D2A-AA59-82A75AC0E61F}\MpKslfeac8da9.sys [39464 2014-10-20] (Microsoft Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10364416 2012-06-03] (Intel Corporation) S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2010-11-19] () [File not signed] S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) S3 s117bus; C:\Windows\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation) S3 s117mdfl; C:\Windows\System32\DRIVERS\s117mdfl.sys [14888 2007-06-25] (MCCI Corporation) S3 s117mdm; C:\Windows\System32\DRIVERS\s117mdm.sys [108456 2007-06-25] (MCCI Corporation) S3 s117mgmt; C:\Windows\System32\DRIVERS\s117mgmt.sys [100264 2007-06-25] (MCCI Corporation) S3 s117nd5; C:\Windows\System32\DRIVERS\s117nd5.sys [22952 2007-06-25] (MCCI Corporation) S3 s117obex; C:\Windows\System32\DRIVERS\s117obex.sys [98344 2007-06-25] (MCCI Corporation) S3 s117unic; C:\Windows\System32\DRIVERS\s117unic.sys [98856 2007-06-25] (MCCI Corporation) S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [57856 2010-01-07] (SCM Microsystems Inc.) 
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] () R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] () S2 ASPI32; No ImagePath S3 catchme; \??\C:\Users\XXX\AppData\Local\Temp\catchme.sys [X] S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 20:09 - 2014-10-20 20:11 - 00025479 _____ () C:\Users\XXX\Downloads\FRST.txt 2014-10-20 20:09 - 2014-10-20 20:09 - 01102848 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe 2014-10-20 20:09 - 2014-10-20 20:09 - 00000000 ____D () C:\FRST 2014-10-19 18:31 - 2014-10-19 18:39 - 661097468 _____ () C:\Users\XXX\Downloads\ScoutsPart2_scene1_720p_3800.mp4 2014-10-18 23:34 - 2014-10-18 23:34 - 00002249 _____ () C:\Users\XXX\Desktop\Sean Cody - Tucker.mpg - Verknüpfung.lnk 2014-10-17 12:07 - 2014-10-17 12:07 - 00000000 ____D () C:\Program Files\{2FAD3965-D9E7-4811-8293-96B8EA3E110E} 2014-10-16 16:28 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 16:28 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 16:28 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 16:28 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 16:28 - 2014-07-17 03:40 - 
00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 16:28 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 16:28 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 16:28 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 16:27 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 16:27 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 16:27 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 16:27 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 16:27 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 16:27 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 16:27 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 16:27 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 16:26 - 2014-09-20 05:58 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 16:26 - 2014-09-20 05:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 13757952 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 16:26 - 2014-09-20 05:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 16:26 - 2014-09-20 05:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 16:26 - 2014-09-20 05:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 16:26 - 2014-09-20 05:33 - 02706432 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2014-10-16 16:26 - 2014-09-20 04:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-10-16 16:15 - 2014-10-16 16:15 - 00000000 ____D () C:\Program Files\{86A8B659-FA95-48E5-8E24-5E61DBDFCC45} 2014-10-15 18:50 - 2014-10-15 18:59 - 783669891 _____ () C:\Users\XXX\Downloads\DaddysWorkplacePart3_scene1_720p_3800.mp4 2014-10-12 19:35 - 2014-10-12 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-10-12 19:35 - 2014-10-12 19:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-10-12 11:54 - 2014-10-20 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 11:54 - 2014-10-17 08:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-12 11:54 - 2014-10-17 08:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-12 11:54 - 2014-10-12 19:35 - 00002023 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-10-12 11:54 - 2014-10-12 19:35 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-10-09 18:44 - 2014-10-09 18:44 - 00000396 _____ () C:\MyUpdateLogs.log 2014-10-08 18:57 - 2014-10-08 18:57 - 00000000 ____D () C:\Users\XXX\AppData\Local\FreeOCR 2014-10-08 18:02 - 2014-10-08 19:00 - 00000000 ____D () C:\FreeOCR 2014-10-08 18:02 - 2014-10-08 18:02 - 00000601 _____ () C:\Users\XXX\Desktop\FreeOCR.lnk 2014-10-08 18:02 - 2014-10-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR 2014-10-08 18:02 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx 2014-10-08 18:00 - 2014-10-08 18:00 - 00000000 ____D () C:\Program Files\Temp 2014-10-08 17:59 - 2014-10-08 17:59 - 00414625 _____ ( ) C:\Users\XXX\Downloads\FreeOCR-5.02.exe 2014-10-08 15:41 - 2014-10-08 15:45 - 823568304 _____ () 
C:\Users\XXX\Downloads\DaddysWorkplacePart2_scene1_720p_3800.mp4 2014-10-07 15:07 - 2014-10-07 15:12 - 668087110 _____ () C:\Users\XXX\Downloads\Payback_scene1_720p_3800.mp4 2014-10-06 18:44 - 2014-10-07 19:42 - 08281358 _____ () C:\Users\XXX\Desktop\Schmerzpsychotherapie MHH.pptx 2014-10-06 18:22 - 2014-10-06 18:22 - 00333824 _____ () C:\Users\XXX\Downloads\down70516862.ppt 2014-10-06 16:02 - 2014-10-06 16:02 - 02371584 _____ () C:\Users\XXX\Downloads\blicke_1204reha_ss_11 (1).ppt 2014-10-06 16:02 - 2014-10-06 16:02 - 00649216 _____ () C:\Users\XXX\Downloads\FR_09_Schmerzmanagement_Abeln.ppt 2014-10-06 15:52 - 2014-10-06 15:52 - 01895936 _____ () C:\Users\XXX\Downloads\Schmerz2.ppt 2014-10-06 15:52 - 2014-10-06 15:52 - 01570304 _____ () C:\Users\XXX\Downloads\Kapitel_XIV_Ruecken_u__Psyche_Stand_7-2013.ppt 2014-10-06 15:48 - 2014-10-06 15:48 - 00230400 _____ () C:\Users\XXX\Downloads\Texte_Vortraege_Schmerz_Humbel.ppt 2014-10-06 15:45 - 2014-10-06 15:45 - 02413056 _____ () C:\Users\XXX\Downloads\Multimodale_Schmerztherapie_2013.ppt 2014-10-05 19:32 - 2014-10-05 19:41 - 423655048 _____ () C:\Users\XXX\Downloads\HardRelation_scene1_480p_2000.mp4 2014-10-05 19:14 - 2014-10-05 19:27 - 746331267 _____ () C:\Users\XXX\Downloads\TheBusinessOfSexPart4_scene1_720p_3800.mp4 2014-10-01 23:00 - 2014-10-01 23:00 - 04753680 _____ () C:\Users\XXX\Desktop\Schmerzpsychotherapie.pptx 2014-10-01 18:37 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-26 21:06 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-25 10:50 - 2014-09-25 10:59 - 178704112 _____ () C:\Users\XXX\Downloads\bs_14-2CD-2014.rar 2014-09-25 10:46 - 2014-09-25 11:44 - 178704110 _____ () C:\Users\XXX\Downloads\VA-Bundesvision_Songcontest_2014-2CD-DE-2014-VOiCE.rar 2014-09-25 10:45 - 2014-09-25 10:45 - 00000222 _____ () C:\Users\XXX\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b (3).htm 2014-09-25 10:43 - 2014-09-25 10:43 - 00000222 _____ () 
C:\Users\XXX\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b.htm 2014-09-25 10:43 - 2014-09-25 10:43 - 00000222 _____ () C:\Users\XXX\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b (2).htm 2014-09-25 10:43 - 2014-09-25 10:43 - 00000222 _____ () C:\Users\XXX\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b (1).htm 2014-09-25 10:31 - 2014-09-25 10:42 - 49324156 _____ () C:\Users\XXX\Downloads\V-BUVISOCO.rar.crdownload 2014-09-24 05:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-22 11:32 - 2014-09-22 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone 2014-09-22 11:32 - 2014-09-22 11:32 - 00000000 ____D () C:\Program Files\Windows Phone 2014-09-22 11:30 - 2014-09-22 11:30 - 00000000 ____D () C:\ProgramData\Applications 2014-09-22 11:20 - 2014-09-22 11:20 - 06745792 _____ (Microsoft Corporation) C:\Users\XXX\Downloads\WindowsPhone (1).exe 2014-09-22 11:19 - 2014-09-22 11:20 - 06745792 _____ (Microsoft Corporation) C:\Users\XXX\Downloads\WindowsPhone.exe 2014-09-22 07:41 - 2014-09-24 08:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-22 07:41 - 2014-09-22 07:41 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-22 07:41 - 2014-09-22 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-22 07:41 - 2014-09-22 07:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-22 07:41 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-22 07:41 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-22 07:37 - 2014-09-22 07:37 - 00000000 ____D () C:\ProgramData\Uniblue 2014-09-22 07:36 - 2014-09-22 07:37 - 05597688 _____ (Uniblue Systems Ltd ) C:\Users\XXX\Downloads\driverscanner.exe 2014-09-21 22:04 - 2014-09-21 
22:22 - 761340665 _____ () C:\Users\XXX\Downloads\TheBusinessOfSexPart2_scene1_720p_3800.mp4 2014-09-21 22:04 - 2014-09-21 22:17 - 709902177 _____ () C:\Users\XXX\Downloads\SwingersPart2_scene1_720p_3800.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 19:51 - 2014-06-12 21:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-20 17:50 - 2014-06-12 21:10 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-20 16:20 - 2010-12-06 10:29 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Skype 2014-10-20 14:59 - 2011-06-05 15:43 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-10-20 14:54 - 2009-07-14 06:34 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-20 14:54 - 2009-07-14 06:34 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-20 14:53 - 2009-07-21 07:30 - 00393244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-20 14:51 - 2010-11-19 04:22 - 01163735 _____ () C:\Windows\WindowsUpdate.log 2014-10-20 14:46 - 2010-12-05 23:30 - 00000000 ___RD () C:\Users\XXX\Documents\My Dropbox 2014-10-20 14:46 - 2010-12-05 23:29 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Dropbox 2014-10-20 14:45 - 2014-04-09 15:47 - 00017536 _____ () C:\Windows\setupact.log 2014-10-20 14:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-17 12:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 12:07 - 2014-03-25 23:54 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-10-17 12:00 - 2011-06-05 15:43 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-17 12:00 - 2009-07-14 06:33 - 00444248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 11:58 - 2014-04-18 14:50 - 00259292 _____ () 
C:\Windows\PFRO.log 2014-10-17 11:57 - 2014-04-30 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 07:54 - 2010-11-19 23:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 07:51 - 2013-08-23 15:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 07:34 - 2010-11-20 09:07 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 15:27 - 2014-06-11 18:23 - 00000000 ____D () C:\Program Files\Opera 2014-10-15 15:19 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-12 11:48 - 2010-11-20 23:04 - 00000000 ____D () C:\Users\XXX\AppData\Local\Adobe 2014-09-29 15:10 - 2013-09-30 16:21 - 00000035 _____ () C:\Windows\Ulead32.INI 2014-09-25 12:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-25 08:35 - 2011-03-09 00:26 - 00000000 ____D () C:\Windows\Minidump 2014-09-24 23:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-24 23:03 - 2010-12-06 19:21 - 00000000 ___SD () C:\Users\XXX\Documents\Briefe 2014-09-22 08:41 - 2010-11-19 22:17 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-22 07:58 - 2014-09-02 18:48 - 00000000 ____D () C:\Program Files\{24569821-EF21-4E12-AD45-2D367710474C} 2014-09-22 07:41 - 2013-08-25 19:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-09-22 07:41 - 2013-06-13 16:51 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Malwarebytes 2014-09-22 07:41 - 2013-06-13 16:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-22 07:30 - 2013-08-25 15:42 - 00000127 _____ () C:\Users\XXX\AppData\Roaming\WB.CFG Some content of TEMP: ==================== C:\Users\XXX\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4hkskr.dll C:\Users\XXX\AppData\Local\temp\nhpmonitor.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 17:12

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014
Ran by XXX at 2014-10-20 20:11:33
Running from C:\Users\XXX\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
Adobe Acrobat 6.0 Professional - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - )
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.61.00 - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS RT-N65U Wireless Router Utilities (HKLM\...\{279C8532-7E37-4C11-A98B-5EF492034CB6}) (Version: 4.2.5.9 - ASUS) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden calibre (HKLM\...\{A66F2101-9BFC-4FB6-9277-7F59EF88BCC2}) (Version: 1.38.0 - Kovid Goyal) Cisco Systems VPN Client 5.0.06.0160 (HKLM\...\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}) (Version: 5.0.6 - Cisco Systems, Inc.) Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0049.00 - Lenovo Group Limited) Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant) Corel Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - ) DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project) Evernote v. 
5.4 (HKLM\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.) FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version: - ) IBM SPSS Smartreader 19 (HKLM\...\{EF0D5825-2FDE-4F02-9B92-A4DB1D7599C8}) (Version: 19.0.0 - IBM) Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 
- ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.) Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo) Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - ) Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) 
(Version: 4.6.305.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP3-Cutter (HKLM\...\MP3-Cutter) (Version: - 
) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) Nero 9 Essentials (HKLM\...\{fa2dd0a9-2170-4b78-b577-f2f4d9375055}) (Version: - Nero AG) Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (Version: 9.4.38.100 - Nero AG) Hidden Nero StartSmart Help (Version: 9.4.38.100 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden OLYMPUS Digital Camera Updater (HKLM\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.) Opera Stable 23.0.1522.77 (HKLM\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA) Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited) RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH) RUBICon (HKLM\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) 
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - ) Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) 
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.5 - Lenovo) TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel) Update for Zip Opener (HKCU\...\DSite) (Version: - ) <==== ATTENTION Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft 
Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows-Treiberpaket - Intel (e1kexpress) Net (12/10/2009 11.5.10.0) (HKLM\...\5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192) (Version: 12/10/2009 11.5.10.0 - Intel) Windows-Treiberpaket - Intel (HECI) System (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel) Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel) Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel) Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel) Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel) Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo) Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) 

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

01-10-2014 21:08:07 Windows Update
05-10-2014 18:52:57 Windows Update
09-10-2014 14:14:23 Windows Update
13-10-2014 14:10:09 Windows Update
16-10-2014 14:31:59 Windows Update
17-10-2014 05:29:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2013-06-14 08:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {11BFD002-5FCA-46D7-99CA-18A467A48F38} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {130E4D4F-0BD8-4E7D-8B04-800948F15256} - System32\Tasks\Opera scheduled Autoupdate 1402503819 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software) Task: {13C99129-D58F-49E1-99F9-1C0DCD48B19F} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {382BCE53-3859-4CA7-9118-7D0004974434} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.) Task: {4B3B6F17-67BC-449F-A02B-339C6E7CEEE2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-06-18] () Task: {6C26C17B-8034-430E-AC63-BB219FCC7542} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) 
Task: {6C830667-035D-4E6B-AE67-F0C5060B94F0} - System32\Tasks\Google Updater and Installer => C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe Task: {6D687FBC-4CD2-44E3-A378-9EC04F756E46} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe Task: {7D4A2B13-39AC-4795-9979-EA52E300BFD1} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] () Task: {83905B62-68C4-4219-ACFD-F8AA00DE5CE1} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {96212594-E16D-462A-B7E8-2AEE724C769B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {A08B1692-2261-4B53-8C5F-6279124677FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated) Task: {AE20DA03-B461-418F-B755-C2074ABC1CE8} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION Task: {B216C86A-81DA-43DB-B488-769BD1E0BAB0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe Task: {B9137AE2-F73D-4B6C-B931-8A2D9CD8FD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.) Task: {BB98A262-CF96-46EF-982D-77B6A6EA3D11} - System32\Tasks\{5242E32B-A714-49F4-AD46-3C3D63060455} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {C5C370D0-07A6-45D4-A86D-A1E9A29A59F8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {C6932140-D1C0-4FA2-8C6B-7CFCEE01EF21} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {CE82BD9A-B1C2-44CA-93AC-BD318095C569} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) 
Task: {D369F111-A4A5-4D2F-83B3-DB9D615F375D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {EB252E21-311D-4A0E-A926-C4EADB1D0701} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe Task: {F171393A-6636-42F6-B6CC-789543151769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2003-05-15 03:15 - 2003-05-15 03:15 - 00753664 _____ () C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU 2006-12-09 04:54 - 2006-12-09 04:54 - 00022723 _____ () C:\Windows\System32\sugg1l3.dll 2011-10-20 11:12 - 2011-10-20 11:12 - 00086016 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-11-17 13:08 - 2009-11-17 13:08 - 00197424 _____ () C:\Windows\system32\vpnapi.dll 2012-12-07 19:27 - 2012-12-07 19:27 - 00167424 _____ () C:\Program 
Files\HTC\Internet Pass-Through\PassThruSvr.exe 2014-03-20 14:44 - 2014-03-20 14:44 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2012-09-15 19:43 - 2012-09-15 19:43 - 00065024 _____ () C:\Windows\system32\vaultsvd.exe 2014-05-25 10:37 - 2010-08-10 15:37 - 00217088 ____R () C:\Program Files\ASUS\Printer Utilities\UsbService.exe 2010-11-19 04:18 - 2012-05-16 06:32 - 00094208 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2014-10-17 08:13 - 2014-10-17 08:13 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\53867c5c155da47b668e80eb4a84dc51\Kies.Common.DeviceServiceLib.Interface.ni.dll 2014-10-17 08:13 - 2014-10-17 08:13 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\86c7c1b7ba431a48215c8d66dfc46df0\Kies.Theme.ni.dll 2014-10-17 08:12 - 2014-10-17 08:12 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8b48969de0e0c596b6c888aa31171191\Kies.UI.ni.dll 2014-10-17 08:12 - 2014-10-17 08:12 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\5fb0786b0ca407287c5872223009b608\Kies.MVVM.ni.dll 2014-10-17 08:13 - 2014-10-17 08:13 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll 2014-10-20 14:46 - 2014-10-20 14:46 - 00043008 _____ () c:\users\XXX\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4hkskr.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\XXX\AppData\Roaming\Dropbox\bin\libcef.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-07-22 23:19 - 2014-10-17 12:07 - 00013312 _____ () C:\Program Files\Google\Chrome\Application\WTSAPI32.dll 2014-10-16 21:53 - 2014-10-10 04:03 
- 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libglesv2.dll 2014-10-16 21:53 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libegl.dll 2014-10-16 21:53 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll 2014-10-16 21:53 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2424265513-2494307364-3588977769-500 - Administrator - Disabled) Gast (S-1-5-21-2424265513-2494307364-3588977769-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2424265513-2494307364-3588977769-1002 - Limited - Enabled) XXX (S-1-5-21-2424265513-2494307364-3588977769-1000 - Administrator - Enabled) => C:\Users\XXX ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: USB-Druckerunterstützung Description: USB-Druckerunterstützung Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Microsoft Service: usbprint Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2014 02:53:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/19/2014 08:05:49 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/19/2014 08:04:53 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (10/19/2014 08:04:44 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (10/19/2014 06:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/19/2014 06:06:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vaultsvd.exe, Version: 1.0.0.1, Zeitstempel: 0x7a76d535 Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bda75 Ausnahmecode: 0xc0000005 Fehleroffset: 0x696b76ad ID des fehlerhaften Prozesses: 0xe80 Startzeit der fehlerhaften Anwendung: 0xvaultsvd.exe0 Pfad der fehlerhaften Anwendung: vaultsvd.exe1 Pfad des fehlerhaften Moduls: vaultsvd.exe2 Berichtskennung: vaultsvd.exe3 Error: (10/18/2014 11:36:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/17/2014 00:36:54 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (10/17/2014 00:36:08 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (10/17/2014 00:36:01 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. System errors: ============= Error: (10/20/2014 08:10:24 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 08:08:29 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 08:06:08 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:29:25 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:25:32 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:24:02 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:22:31 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:20:16 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:18:15 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Error: (10/20/2014 07:15:41 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Microsoft Office Sessions: ========================= Error: (10/20/2014 02:53:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: 
Performance1637070000000000000000000009030000 Error: (10/19/2014 08:05:49 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll19 Error: (10/19/2014 08:04:53 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (10/19/2014 08:04:44 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe19 Error: (10/19/2014 06:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/19/2014 06:06:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vaultsvd.exe1.0.0.17a76d535netprofm.dll_unloaded0.0.0.04a5bda75c0000005696b76ade8001cfebb674e89decC:\Windows\system32\vaultsvd.exenetprofm.dllf35bb64f-57a9-11e4-b1ad-f0def11aa2f5 Error: (10/18/2014 11:36:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/17/2014 00:36:54 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll19 Error: (10/17/2014 00:36:08 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (10/17/2014 00:36:01 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program 
Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe19 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 48% Total physical RAM: 2995.67 MB Available physical RAM: 1555.42 MB Total Pagefile: 5989.63 MB Available Pagefile: 4032.56 MB Total Virtual: 2047.88 MB Available Virtual: 1880.57 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:454.33 GB) (Free:70.43 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Removable) (Total:3.67 GB) (Free:3.6 GB) FAT32 Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: BD6B6839) Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=454.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
Are there any findings regarding my problem yet? |
22.10.2014, 10:12 | #4 |
/// the machine /// TB trainer | Constant crashing of all internet browsers Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.10.2014, 17:35 | #5 |
| Constant crashing of all internet browsers Quote: "Uninstall ist fehlgeschlagen. Vermutlich ungültiger deinstall Befehl." Should I continue anyway? Combofix Logfile: Code:
ATTFilter ComboFix 14-10-21.01 - *** 22.10.2014 17:17:56.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2996.1729 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\windows\system32\Settings c:\windows\system32\Settings\Settings.ini c:\windows\system32\uxtEE99.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-22 bis 2014-10-22 )))))))))))))))))))))))))))))) . . 2014-10-22 15:25 . 2014-10-22 15:26 -------- d-----w- c:\users\***\AppData\Local\temp 2014-10-22 15:25 . 2014-10-22 15:25 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-10-22 15:25 . 2014-10-22 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-22 14:39 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBA55DB-8D57-4BFE-A019-AC8CE41E7D40}\mpengine.dll 2014-10-22 14:29 . 2014-10-22 14:29 -------- d-----w- c:\program files\{0C77035A-6E99-45BB-ABDF-5D0A399CAD4E} 2014-10-22 13:34 . 2014-10-22 13:34 -------- d-----w- c:\program files\VS Revo Group 2014-10-21 14:14 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-10-20 18:09 . 2014-10-20 18:12 -------- d-----w- C:\FRST 2014-10-16 14:28 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll 2014-10-16 14:28 . 2014-07-17 01:39 65536 ----a-w- c:\windows\system32\TSpkg.dll 2014-10-16 14:28 . 2014-07-17 01:39 523264 ----a-w- c:\windows\system32\termsrv.dll 2014-10-16 14:28 . 2014-07-17 01:39 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll 2014-10-16 14:28 . 
2014-07-17 01:39 304128 ----a-w- c:\windows\system32\winlogon.exe 2014-10-16 14:28 . 2014-07-17 01:03 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2014-10-16 14:28 . 2014-07-17 01:39 17408 ----a-w- c:\windows\system32\credssp.dll 2014-10-16 14:28 . 2014-07-17 01:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2014-10-16 14:28 . 2014-10-10 01:44 230912 ----a-w- c:\windows\system32\generaltel.dll 2014-10-16 14:28 . 2014-10-10 01:44 396288 ----a-w- c:\windows\system32\aepdu.dll 2014-10-16 14:28 . 2014-10-10 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll 2014-10-16 14:28 . 2014-09-29 00:41 2379264 ----a-w- c:\windows\system32\win32k.sys 2014-10-16 14:27 . 2014-09-04 05:04 372736 ----a-w- c:\windows\system32\rastls.dll 2014-10-16 14:27 . 2014-06-18 22:23 156824 ----a-w- c:\windows\system32\mscorier.dll 2014-10-16 14:27 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\system32\dfshim.dll 2014-10-16 14:27 . 2014-06-18 22:23 81560 ----a-w- c:\windows\system32\mscories.dll 2014-10-16 14:27 . 2014-08-29 01:44 2744320 ----a-w- c:\windows\system32\rdpcorets.dll 2014-10-16 14:27 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\system32\mstscax.dll 2014-10-16 14:27 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\system32\msi.dll 2014-10-16 14:27 . 2014-09-13 01:40 67072 ----a-w- c:\windows\system32\packager.dll 2014-10-16 14:15 . 2014-10-16 14:15 -------- d-----w- c:\program files\{86A8B659-FA95-48E5-8E24-5E61DBDFCC45} 2014-10-12 17:35 . 2014-10-12 17:35 -------- d-----w- c:\program files\McAfee Security Scan 2014-10-12 09:54 . 2014-10-12 17:35 -------- d-----w- c:\programdata\McAfee Security Scan 2014-10-12 09:54 . 2014-10-17 06:50 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-10-12 09:54 . 2014-10-17 06:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-10-08 16:57 . 2014-10-08 16:57 -------- d-----w- c:\users\***\AppData\Local\FreeOCR 2014-10-08 16:02 . 
2007-03-10 08:11 2680320 ----a-w- c:\windows\system32\ImageEnXLibrary.ocx 2014-10-08 16:02 . 2014-10-08 17:00 -------- d-----w- C:\FreeOCR 2014-10-08 16:00 . 2014-10-08 16:00 -------- d-----w- c:\program files\Temp 2014-10-02 12:24 . 2014-09-16 15:18 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44BE5385-8052-4C6E-AD40-58DDAD1F4A51}\gapaengine.dll 2014-10-01 16:37 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll 2014-09-24 03:43 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-22 06:41 . 2010-11-19 20:17 231568 ------w- c:\windows\system32\MpSigStub.exe 2014-09-16 15:18 . 2013-06-21 05:27 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-09-03 05:27 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-23 01:46 . 2014-08-27 19:59 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-01 11:35 . 2014-09-10 17:56 793600 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}] 2014-10-22 14:29 324096 ----a-w- c:\program files\{0C77035A-6E99-45BB-ABDF-5D0A399CAD4E}\{D05297C5-2F5C-4AE2-A315-92E3DE479B1B}.bin . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync] @="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}" "ReferenceCount"=dword:00000001 [HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}] 2013-02-12 14:30 540672 ----a-w- c:\users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync] @="{528EE335-5034-4EFC-834E-63E5F02D2BC2}" "ReferenceCount"=dword:00000001 [HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}] 2013-02-12 14:30 540672 ----a-w- c:\users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed] @="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}" "ReferenceCount"=dword:00000001 [HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}] 2013-02-12 14:30 540672 ----a-w- c:\users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-04-23 1564992] "GoogleChromeAutoLaunch_3DE93EBB1452A07E5EFE376DE1AED924"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-10-10 854344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-04-23 311616] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-04-23 2379504] "ACTray"="c:\program files\Lenovo\Access Connections\ACTray.exe" [2011-10-20 433216] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416] VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico -user_logon [2011-1-12 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2013-03-05 19:49 101160 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AcWin7Hlpr"=c:\program files\Lenovo\Access Connections\AcTBenabler.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "Persistence"=c:\windows\system32\igfxpers.exe "HotKeysCmds"=c:\windows\system32\hkcmd.exe "LENOVO.TPKNRRES"=c:\program files\Lenovo\Communications Utility\TPKNRRES.exe "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "RotateImage"=c:\program files\Integrated Camera Driver\RCIMGDIR.exe "SmartAudio"=c:\program files\CONEXANT\SAII\SAIICpl.exe /t "ACTray"=c:\program files\Lenovo\Access Connections\ACTray.exe "TpShocks"=TpShocks.exe "PWMTRV"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" silent "SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "TPHOTKEY"=c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe "Eraser"="c:\progra~1\Eraser\Eraser.exe" --atRestart . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x] R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [2010-08-10 217088] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 143360] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-01-15 45736] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-23 29472] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696] R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 28672] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-11-19 816792] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-07-03 16024] R3 
PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856] R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 99768] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-05-16 25416] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680] S1 MpKsl560126b6;MpKsl560126b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24BBD47C-224D-401B-81AE-171866219B3C}\MpKsl560126b6.sys [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 509448] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 104208] S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-02-04 132456] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 
LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640] S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-07-03 1228504] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-07-03 660184] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2014-03-20 1773368] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-29 13752] S2 ucsvc32;Intel(R) Management Ericsson;c:\windows\system32\vaultsvd.exe [2012-09-15 65024] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 2759984] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 132864] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller 
Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 143360] S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2013-11-13 369416] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336] S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2012-06-03 10364416] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-07-05 23608] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2014-02-10 12320] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336] S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 66432] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService LPDService REG_MULTI_SZ LPDSVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-16 19:50 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-12 06:50] . 2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-07-21 15:45] . 2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-07-21 15:45] . 2014-10-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . 
2014-10-22 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ie IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Auswahl speichern - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Bild ausschneiden - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 IE: Diese Seite ausschneiden - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Neue Notiz - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: URL notieren - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF - prefs.js: browser.search.selectedEngine - Trovi search FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ff FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF - user.js: browser.search.defaultenginename - Google FF - user.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF - user.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF - user.js: browser.urlbar.autoFill - false//; FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: browser.search.defaultenginename - Google FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.startup.homepage - hxxp://www.google.de?hl=de&gl=de FF - user.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF - user.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(680) c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll . Zeit der Fertigstellung: 2014-10-22 17:27:48 ComboFix-quarantined-files.txt 2014-10-22 15:27 . Vor Suchlauf: 18 Verzeichnis(se), 75.433.230.336 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 75.377.385.472 Bytes frei . - - End Of File - - 843210A9848AE1007886258AEB136DEB 8C70B19A1C78F9CAE985E86A406833B1 |
23.10.2014, 11:10 | #6 |
/// the machine /// TB trainer | Constant crashing of all internet browsers Yes, then just click OK and Revo will remove the leftovers. After that, continue like this: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
24.10.2014, 10:03 | #7 |
| Constant crashing of all internet browsers Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.10.2014 Suchlauf-Zeit: 10:10:37 Logdatei: mbam log.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.10.24.03 Rootkit Datenbank: v2014.10.22.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: *** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319460 Verstrichene Zeit: 14 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 16 PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-2424265513-2494307364-3588977769-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, 
HKU\S-1-5-21-2424265513-2494307364-3588977769-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\INPROCSERVER32, , [b2d1de3a17653cfa216c57f6eb15e917], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2424265513-2494307364-3588977769-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [0e756badd3a9d85e7fe9574d7989d32d], PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, , [88fb9b7df28a71c56dc8a2f1887c7f81], PUP.Optional.InstallCore.A, HKLM\SOFTWARE\INSTALLCORE\WSE_Astromenda, , [bac9948416661a1c10bcdb449c67d927], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [9de6a96f1b611e18f6fda3eefe06946c], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT, , [6023ee2a740884b243fa50e429dabb45], PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, , [364d19ff8cf089ada5ed062733d04db3], PUP.Optional.Astromenda.A, HKU\S-1-5-21-2424265513-2494307364-3588977769-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, , [acd71cfc4a321e182b0b7e15bd471ce4], Registrierungswerte: 2 PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT|InstallDir, C:\PROGRA~1\SearchProtect, , [6023ee2a740884b243fa50e429dabb45] PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, , [364d19ff8cf089ada5ed062733d04db3] Registrierungsdaten: 1 PUP.Optional.Trovi.A, HKU\S-1-5-21-2424265513-2494307364-3588977769-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, 
hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ie, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ie),,[3152b662dd9f95a13731f62a52b39e62] Ordner: 64 Dateien: 432
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\creative_commons.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dailybooth.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\delicious.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designbump.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designfloat.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designmoo.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\deviantart.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\digg.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\digg_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\diigo.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dribbble.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dropbox.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\drupal.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dzone.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ebay.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ember.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\etsy.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\evernote.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\expedia.svg, 
, [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook_places.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facto.me.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\feedburner.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\flickr.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\folkd.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\formspring.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\forrst.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, 
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\foursquare.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\foxtab.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\friendfeed.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\friendster.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\funmoods.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gdgt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\github.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\github_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gmail.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\goodreads.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google-drive.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google_buzz.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google_talk.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gowalla.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gowalla_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\grooveshark.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hacker_news.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hi5.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hype_machine.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hyves.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\icq.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\identi.ca.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\installCore.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\instapaper.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ironSource.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-bizcards.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-confluence.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blip.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gameo.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\last.fm.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\msn_messenger.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\picassa.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\retweet.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\squarespace.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\tumblr.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-facebook.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-googleplus.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-jira.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-linkedin.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-news.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-presence.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-signature.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\iS-twitter.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\itunes.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\jira.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\kik.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\krop.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\linkedin.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\linkedin_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\livejournal.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\lovedsgn.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\meetup.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\metacafe.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ming.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mister_wong.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mixx.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mixx_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mobileCore.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\mobileme.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\myspace.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\myspace_alt.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\netflix.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\newsvine.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\noaa.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\nytimes.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\official.fm.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\openid.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\orkut.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\pandora.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\path.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\paypal.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\photobucket.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\picasa.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\pinboard.in.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ping.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\pingchat.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\playstation.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\plixi.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\plurk.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\podcast.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\posterous.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\qik.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\quik.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\quora.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\rdio.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\readernaut.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\reddit.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\robo.to.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\rss.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
[dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets\bg.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets\footer.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets\thumb.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea\bg.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea\footer.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea\thumb.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space\bg.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space\footer.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space\thumb.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips\bg.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips\footer.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips\thumb.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset\bg.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset\footer.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset\thumb.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\user\login.svg, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\user\menu-icon.png, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\background.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\bootstrap.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\newtab.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\opentab.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\jquery.inview.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\aes.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\angular-animate.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\angular-route.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\angular.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\async.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\aws-sdk-2.0.0-rc9.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\eventsource.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\idbstore.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\jquery-2.1.1.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\jquery-ui-1.10.3.custom.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\js-canvas-to-blob.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\lodash.underscore.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\md5.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\mixins.loadash.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\moment-with-langs.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\moment.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\phoneformat.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\sortable.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\TweenMax.min.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib\utils.js, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_de.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_en.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_es.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_fr.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_he.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_it.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_ja.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_nl.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_pl.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_pt.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_ru.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales\i18n_tr.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ar\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\de\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\en\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\es\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\fr\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\he\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\it\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ja\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\nl\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pl\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pt_BR\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ru\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\tr\messages.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Astromenda, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_metadata\verified_contents.json, , [dda678a017658fa7f729d53f4cb77c84], PUP.Optional.Trovi.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "new_tab_url": 
"https://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=69&CUI=&SSPV=SP21726TB_sp_ch&lay=5&p=cnts&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SAT=CNTS",), ,[b9ca88900f6dbc7a050cdd84a46153ad] PUP.Optional.Trovi, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "Trovi search");), ,[562def29f785f93d8aa1144b54b110f0] PUP.Optional.Trovi.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=55&CUI=&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9&SSPV=SP21726TB_sp_ff");), ,[daa955c39ae28aac9f198cd3d72e926e] PUP.Optional.Trovi.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M104AA6EE-841E-437B-B6C6-5A9032838D99&SearchSource=69&CUI=&SSPV=SP21726TB_sp_ff&Lay=1&UM=6&UP=SP3FFE209F-A259-4A43-A803-98C1B7DA00C9");), ,[ea9934e4d0aca393a91095ca1ce95da3] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Professional x86
Ran by *** on 24.10.2014 at 10:38:22,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}

~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\shareaza applications\mediabar"

~~~ FireFox
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qwf7buxd.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.10.2014 at 10:40:02,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
24.10.2014, 10:06 | #8 |
| Constant crashing of all Internet browsers AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.000 - Report created 21/08/2013 at 13:43:02 # Updated 20/08/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (32 bits) # Username : *** - ***-THINK # Running from : C:\Users\***\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\FreeRIP Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3 Folder Deleted : C:\Program Files\Ask.com Folder Deleted : C:\Program Files\facemoods.com Folder Deleted : C:\Program Files\FreeRIP3 Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB File Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\user.js File Deleted : C:\Windows\System32\Tasks\Browser Manager File Deleted : C:\Windows\System32\Tasks\BrowserDefendert File Deleted : C:\Windows\System32\Tasks\EPUpdater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKCU\Software\e57d9d0b03dbe40 Key Deleted : HKLM\SOFTWARE\e57d9d0b03dbe40 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freerip-mp3_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freerip-mp3_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_frostwire_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_frostwire_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mp3directcut_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mp3directcut_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\Software\DataMngr ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16611 -\\ Mozilla Firefox v22.0 (de) [ File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\prefs.js ] Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=EA790027109593E9&affID=119357&tsp=4975"); Line Deleted : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=EA790027109593E9&affID=119357&tsp=4975"); -\\ Google Chrome v [ File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4747 octets] - [21/08/2013 13:40:44] AdwCleaner[S0].txt - [3794 octets] - [21/08/2013 13:43:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3854 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.001 - Report created 26/08/2013 at 14:49:33 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (32 bits) # Username : *** - ***-THINK # Running from : C:\Users\***\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Program Files\LyriXeeker Folder Deleted : C:\Program Files\openit Folder Deleted : C:\Users\***\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z Folder Deleted : C:\Users\***\AppData\Roaming\DSite File Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\bProtector_extensions.rdf File Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\\invalidprefs.js File Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\user.js File Deleted : C:\Windows\Tasks\DSite.job File Deleted : C:\Windows\System32\Tasks\DSite ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62948E2D-4ABB-4728-BA5E-86CA80E42BFC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62948E2D-4ABB-4728-BA5E-86CA80E42BFC} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D218A0A-CAAE-46C7-AD3E-1BE519DDE87E} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D218A0A-CAAE-46C7-AD3E-1BE519DDE87E} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Key Deleted : HKLM\SOFTWARE\e57d9d0b03dbe40 Key 
Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\delta LTD Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker Key Deleted : HKLM\Software\BabylonToolbar Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Delta Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyrix@lyrixeeker.co ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (de) [ File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\prefs.js ] Line Deleted : user_pref("extensions.delta.admin", false); Line Deleted : user_pref("extensions.delta.aflt", "babsst"); Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Deleted : user_pref("extensions.delta.autoRvrt", "false"); Line Deleted : user_pref("extensions.delta.bbDpng", "25"); Line Deleted : user_pref("extensions.delta.cntry", "DE"); Line Deleted : user_pref("extensions.delta.dfltLng", "de"); Line Deleted : user_pref("extensions.delta.excTlbr", false); Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Line Deleted : user_pref("extensions.delta.hdrMd5", "1873826A98E426121E8B2D16DA6B222F"); Line Deleted : user_pref("extensions.delta.id", "ea7941b10000000000000027109593e9"); Line Deleted : user_pref("extensions.delta.instlDay", "15942"); Line Deleted : user_pref("extensions.delta.instlRef", "sst"); Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.24.614:43:09"); Line Deleted : user_pref("extensions.delta.newTab", false); Line Deleted : user_pref("extensions.delta.prdct", "delta"); Line Deleted : user_pref("extensions.delta.prtnrId", "delta"); Line Deleted : user_pref("extensions.delta.rvrt", 
"false"); Line Deleted : user_pref("extensions.delta.sg", "czb"); Line Deleted : user_pref("extensions.delta.smplGrp", "none"); Line Deleted : user_pref("extensions.delta.tlbrId", "base"); Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6"); Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.614:43:09"); Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6"); Line Deleted : user_pref("extensions.delta_i.babExt", ""); Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4985"); Line Deleted : user_pref("extensions.delta_i.srcExt", "ss"); -\\ Google Chrome v [ File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [9818 octets] - [21/08/2013 13:40:44] AdwCleaner[S0].txt - [8940 octets] - [21/08/2013 13:43:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9000 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.001 - Bericht erstellt am 24/10/2014 um 10:31:06 # DB v2014-10-23.2 # Aktualisiert 20/10/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : *** - ***-THINK # Gestartet von : C:\Users\***\Desktop\AdwCleaner_4.001.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : SPPD ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\***\AppData\Local\Astromenda Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\Program Files\{0C77035A-6E99-45BB-ABDF-5D0A399CAD4E} Ordner Gelöscht : C:\Program Files\{24569821-EF21-4E12-AD45-2D367710474C} Ordner Gelöscht : C:\Program Files\{60A90C5B-D00E-4C69-8ED7-B2E62C821219} Ordner Gelöscht : C:\Windows\Installer\{DBA5AAB4-B514-4439-852E-4C5A473387A6} Ordner Gelöscht : C:\Windows\Installer\{E67B9FAE-9C6F-4922-89D9-668F54994F5E} Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default\user.js Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Express FilesUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{E8CC15B4-5BC5-4B84-BD03-232485DE6391}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{528AF062-6C06-47EB-8F64-50EEBC9C5492}] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension 
Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gelöscht : HKCU\Software\Astromenda Schlüssel Gelöscht : HKCU\Software\BRS Schlüssel Gelöscht : HKCU\Software\MGShareware Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore Schlüssel Gelöscht : HKLM\SOFTWARE\MGShareware Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.17116 -\\ Mozilla Firefox v32.0.3 (x86 de) -\\ Google Chrome v38.0.2125.104 ************************* 
AdwCleaner[R0].txt - [16183 octets] - [21/08/2013 13:40:44]
AdwCleaner[S0].txt - [15205 octets] - [21/08/2013 13:43:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15266 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by *** (administrator) on ***-THINK on 24-10-2014 10:53:17
Running from C:\Users\***\Desktop
Loaded Profile: *** (Available profiles: ***)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Lenovo.)
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe () C:\Windows\System32\vaultsvd.exe () C:\Program Files\ASUS\Printer Utilities\UsbService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Dropbox, Inc.) 
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3110200 2011-06-10] (Lenovo Group Limited) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [433216 2011-10-20] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) 
Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung) HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\...\Run: [GoogleChromeAutoLaunch_3DE93EBB1452A07E5EFE376DE1AED924] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKCU - {A8945019-18BA-4ECC-B55E-160FD84D07CE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms} SearchScopes: HKCU - {E668679A-8755-47E1-B2EE-49D9FA828DB8} URL = BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{1100902D-4A07-442C-94E6-5EA504FA866B} [2014-09-26] FF HKLM\...\Firefox\Extensions: [{43F0A0D9-E38D-4871-8E9E-1E994337AC4E}] - C:\Windows\Installer\{36D36377-426A-4F33-89AA-62A42788D4EF}\{43F0A0D9-E38D-4871-8E9E-1E994337AC4E}.xpi FF Extension: Download Protect - C:\Windows\Installer\{36D36377-426A-4F33-89AA-62A42788D4EF}\{43F0A0D9-E38D-4871-8E9E-1E994337AC4E}.xpi [2014-10-24] FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012-09-11] FF Extension: No Name - C:\Windows\Installer\{FB9D7926-AF11-4E2A-91CA-DD7B68F3421D}\{FAD80C28-509D-48E1-B3C1-5B7F0B376134}.xpi [Not Found] Chrome: ======= CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21] CHR Extension: (Download Protect) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcdpgkioehladgbdgommafdmjpimbfeo [2014-10-24] ==================== Services (All) ======================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2011-10-20] (Lenovo) R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [269376 2011-10-20] (Lenovo) R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-10-17] (Adobe Systems Incorporated) R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-15] (Intel Corporation) S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation) R3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336 2014-06-12] (Apple Inc.) S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-14] (Microsoft Corporation) S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [46688 2013-09-11] (Microsoft Corporation) R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473600 2010-11-20] (Microsoft Corporation) R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473600 2010-11-20] (Microsoft Corporation) S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) S3 BITS; C:\Windows\system32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) 
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-04-23] (Intel(R) Corporation) R2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [628000 2011-06-13] (Broadcom Corporation.) R2 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-21] (Microsoft Corporation) S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation) S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.) R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) R2 DozeSvc; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [132456 2010-02-04] (Lenovo.) 
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) R2 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [500016 2012-06-25] (Intel(R) Corporation) R2 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) R2 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2013-01-13] (Microsoft Corporation) U2 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation) S3 fsssvc; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [1492840 2011-05-13] (Microsoft Corporation) R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2014-07-21] (Google Inc.) S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2014-07-21] (Google Inc.) S3 hidserv; C:\Windows\System32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) R2 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) R2 HsfXAudioService; C:\Windows\system32\XAudio32.dll [410624 2009-04-29] (Conexant Systems, Inc.) 
R2 IBMPMSVC; C:\Windows\system32\ibmpmsvc.exe [56664 2014-02-27] (Lenovo.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [879248 2014-07-01] (Microsoft Corporation) R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) R2 LanmanServer; C:\Windows\System32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited) R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited) R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656 2010-05-03] (Intel Corporation) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [38400 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) 
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) S2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-05-07] (Mozilla Foundation) R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) R3 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) S4 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2010-03-17] (Nero AG) S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) R2 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] 
(Microsoft Corporation) S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation) R2 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) R3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-14] (Microsoft Corporation) S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) R2 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) S3 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [1662560 2012-05-16] (Lenovo) R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-05-01] (Microsoft Corporation) S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited) S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) R3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) S2 RegSrvc; C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe [108336 2012-06-25] (Intel(R) Corporation) S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) R2 RpcSs; C:\Windows\System32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) R2 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) R2 ScrybeUpdater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.) 
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) R2 SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [249136 2010-09-22] (Microsoft Corporation) R2 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 SENS; C:\Windows\system32\sens.dll [49664 2009-07-14] (Microsoft Corporation) S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-11] (Microsoft Corporation) S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation) S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24560 2014-06-18] () S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft 
Corporation) S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) R3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) R3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) S3 TermService; C:\Windows\System32\termsrv.dll [523264 2014-07-17] (Microsoft Corporation) R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1033528 2011-06-10] (Lenovo Group Limited) S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) S3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG.exe [41800 2011-12-28] (Lenovo.) R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited) R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-07] (Lenovo Group Limited) R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368 2014-03-20] (TuneUp Software) S3 TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [99768 2009-09-29] (Intel(R) Corporation) S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited) R2 ucsvc32; C:\Windows\system32\vaultsvd.exe [65024 2012-09-15] () [File not signed] S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) R2 UNS; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400 2010-05-03] (Intel Corporation) R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft 
Corporation) R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed] R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36152 2014-03-20] (TuneUp Software) R3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) S2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) R3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft 
Corporation) S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [51040 2010-09-22] (Microsoft Corporation) R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1713536 2011-03-28] (Microsoft Corp.) S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) R2 wscsvc; C:\Windows\system32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) R2 wuauserv; C:\Windows\system32\wuaueng.dll [1973728 2014-05-14] (Microsoft Corporation) R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation) S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2759984 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-03-15] (Windows (R) Win 7 DDK provider) S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-03-15] (Windows (R) Win 7 DDK provider) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKsl9226f998; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4515B26-AE96-44DE-B926-C45271DC0462}\MpKsl9226f998.sys [39464 2014-10-24] (Microsoft Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10364416 2012-06-03] (Intel Corporation) S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2010-11-19] () [File not signed] S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) S3 s117bus; C:\Windows\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation) S3 s117mdfl; C:\Windows\System32\DRIVERS\s117mdfl.sys [14888 2007-06-25] (MCCI Corporation) S3 s117mdm; C:\Windows\System32\DRIVERS\s117mdm.sys [108456 2007-06-25] (MCCI Corporation) S3 s117mgmt; C:\Windows\System32\DRIVERS\s117mgmt.sys [100264 2007-06-25] (MCCI Corporation) S3 s117nd5; C:\Windows\System32\DRIVERS\s117nd5.sys [22952 2007-06-25] (MCCI Corporation) S3 s117obex; C:\Windows\System32\DRIVERS\s117obex.sys [98344 2007-06-25] (MCCI Corporation) S3 s117unic; C:\Windows\System32\DRIVERS\s117unic.sys [98856 2007-06-25] (MCCI Corporation) S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [57856 2010-01-07] (SCM Microsystems Inc.) 
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] () R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] () S2 ASPI32; No ImagePath S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X] S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-24 10:53 - 2014-10-24 10:54 - 00039207 _____ () C:\Users\***\Desktop\FRST.txt 2014-10-24 10:53 - 2014-10-24 10:53 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion 2014-10-24 10:40 - 2014-10-24 10:40 - 00001278 _____ () C:\Users\***\Desktop\JRT.txt 2014-10-24 10:37 - 2014-10-24 10:37 - 01706144 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe 2014-10-24 10:35 - 2014-10-24 10:35 - 00015347 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt 2014-10-24 10:34 - 2014-10-24 10:34 - 00000000 ____D () C:\Program Files\{7DECEFE7-CCA6-44C7-9381-C9E5F5508508} 2014-10-24 10:25 - 2014-10-24 10:25 - 00109979 _____ () C:\Users\***\Desktop\mbam.txt 2014-10-24 10:12 - 2014-10-24 10:13 - 01962496 _____ () C:\Users\***\Desktop\AdwCleaner_4.001.exe 2014-10-24 10:07 - 2014-10-24 10:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-24 09:19 - 2014-10-24 09:28 - 971019204 _____ () C:\Users\***\Downloads\DaddysWorkplacePart4_scene1_720p_3800.mp4 2014-10-24 08:48 - 2014-10-24 08:48 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 
2014-10-24 08:48 - 2014-10-24 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-24 08:48 - 2014-10-24 08:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-24 08:48 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-24 08:48 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-24 08:48 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-24 08:36 - 2014-10-24 08:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-22 17:27 - 2014-10-22 17:27 - 00026094 _____ () C:\ComboFix.txt 2014-10-22 17:15 - 2014-10-22 17:27 - 00000000 ____D () C:\Qoobox 2014-10-22 17:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-22 17:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-22 17:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-22 17:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-22 17:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-22 17:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-22 17:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-22 17:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-22 15:41 - 2014-10-22 15:42 - 05584933 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe 2014-10-22 15:34 - 2014-10-22 15:34 - 00001237 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk 2014-10-22 15:34 - 2014-10-22 15:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-10-22 14:27 - 2014-10-22 14:27 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\***\Downloads\revosetup95.exe 2014-10-20 20:11 - 2014-10-20 20:30 - 00043137 _____ () C:\Users\***\Downloads\Addition.txt 2014-10-20 20:09 - 2014-10-24 10:53 - 01103360 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2014-10-20 20:09 - 2014-10-24 10:53 - 00000000 ____D () C:\FRST 2014-10-20 20:09 - 2014-10-20 20:30 - 00041286 _____ () C:\Users\***\Downloads\FRST.txt 2014-10-19 18:31 - 2014-10-19 18:39 - 661097468 _____ () C:\Users\***\Downloads\ScoutsPart2_scene1_720p_3800.mp4 2014-10-16 16:28 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 16:28 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 16:28 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 16:28 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 16:28 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 16:28 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 16:28 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 16:28 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 16:28 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 16:27 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 16:27 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) 
C:\Windows\system32\packager.dll 2014-10-16 16:27 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 16:27 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 16:27 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 16:27 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 16:27 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 16:27 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 16:26 - 2014-09-20 05:58 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 16:26 - 2014-09-20 05:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 
2014-10-16 16:26 - 2014-09-20 05:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 16:26 - 2014-09-20 05:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 16:26 - 2014-09-20 05:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 16:26 - 2014-09-20 05:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 16:26 - 2014-09-20 05:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 16:26 - 2014-09-20 05:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 16:26 - 2014-09-20 04:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-10-15 18:50 - 2014-10-15 18:59 - 783669891 _____ () C:\Users\***\Downloads\DaddysWorkplacePart3_scene1_720p_3800.mp4 2014-10-12 19:35 - 2014-10-12 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-10-12 19:35 - 2014-10-12 19:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-10-12 11:54 - 2014-10-24 10:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 11:54 - 2014-10-17 08:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-12 11:54 - 2014-10-17 08:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-12 11:54 - 2014-10-12 19:35 - 00002023 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-10-12 11:54 - 2014-10-12 19:35 - 00000000 ____D () C:\ProgramData\McAfee Security 
Scan 2014-10-09 18:44 - 2014-10-09 18:44 - 00000396 _____ () C:\MyUpdateLogs.log 2014-10-08 18:57 - 2014-10-08 18:57 - 00000000 ____D () C:\Users\***\AppData\Local\FreeOCR 2014-10-08 18:02 - 2014-10-08 19:00 - 00000000 ____D () C:\FreeOCR 2014-10-08 18:02 - 2014-10-08 18:02 - 00000601 _____ () C:\Users\***\Desktop\FreeOCR.lnk 2014-10-08 18:02 - 2014-10-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR 2014-10-08 18:02 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx 2014-10-08 18:00 - 2014-10-08 18:00 - 00000000 ____D () C:\Program Files\Temp 2014-10-08 17:59 - 2014-10-08 17:59 - 00414625 _____ ( ) C:\Users\***\Downloads\FreeOCR-5.02.exe 2014-10-08 15:41 - 2014-10-08 15:45 - 823568304 _____ () C:\Users\***\Downloads\DaddysWorkplacePart2_scene1_720p_3800.mp4 2014-10-07 15:07 - 2014-10-07 15:12 - 668087110 _____ () C:\Users\***\Downloads\Payback_scene1_720p_3800.mp4 2014-10-06 18:22 - 2014-10-06 18:22 - 00333824 _____ () C:\Users\***\Downloads\down70516862.ppt 2014-10-06 16:02 - 2014-10-06 16:02 - 02371584 _____ () C:\Users\***\Downloads\blicke_1204reha_ss_11 (1).ppt 2014-10-06 16:02 - 2014-10-06 16:02 - 00649216 _____ () C:\Users\***\Downloads\FR_09_Schmerzmanagement_Abeln.ppt 2014-10-06 15:52 - 2014-10-06 15:52 - 01895936 _____ () C:\Users\***\Downloads\Schmerz2.ppt 2014-10-06 15:52 - 2014-10-06 15:52 - 01570304 _____ () C:\Users\***\Downloads\Kapitel_XIV_Ruecken_u__Psyche_Stand_7-2013.ppt 2014-10-06 15:48 - 2014-10-06 15:48 - 00230400 _____ () C:\Users\***\Downloads\Texte_Vortraege_Schmerz_Humbel.ppt 2014-10-06 15:45 - 2014-10-06 15:45 - 02413056 _____ () C:\Users\***\Downloads\Multimodale_Schmerztherapie_2013.ppt 2014-10-05 19:32 - 2014-10-05 19:41 - 423655048 _____ () C:\Users\***\Downloads\HardRelation_scene1_480p_2000.mp4 2014-10-05 19:14 - 2014-10-05 19:27 - 746331267 _____ () C:\Users\***\Downloads\TheBusinessOfSexPart4_scene1_720p_3800.mp4 2014-10-01 23:00 - 2014-10-01 23:00 - 
04753680 _____ () C:\Users\***\Desktop\Schmerzpsychotherapie.pptx 2014-10-01 18:37 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-26 21:06 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-25 10:50 - 2014-09-25 10:59 - 178704112 _____ () C:\Users\***\Downloads\bs_14-2CD-2014.rar 2014-09-25 10:46 - 2014-09-25 11:44 - 178704110 _____ () C:\Users\***\Downloads\VA-Bundesvision_Songcontest_2014-2CD-DE-2014-VOiCE.rar 2014-09-25 10:45 - 2014-09-25 10:45 - 00000222 _____ () C:\Users\***\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b (3).htm 2014-09-25 10:43 - 2014-09-25 10:43 - 00000222 _____ () C:\Users\***\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b.htm 2014-09-25 10:43 - 2014-09-25 10:43 - 00000222 _____ () C:\Users\***\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b (2).htm 2014-09-25 10:43 - 2014-09-25 10:43 - 00000222 _____ () C:\Users\***\Downloads\124da0b5-03e2-4626-b070-91e9cbc3fe3b (1).htm 2014-09-25 10:31 - 2014-09-25 10:42 - 49324156 _____ () C:\Users\***\Downloads\V-BUVISOCO.rar.crdownload 2014-09-24 05:43 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-24 10:52 - 2011-06-05 15:43 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-10-24 10:50 - 2014-06-12 21:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-24 10:41 - 2009-07-14 06:34 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-24 10:41 - 2009-07-14 06:34 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-24 10:40 - 2009-07-21 07:30 - 00393244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-24 10:39 - 2011-01-30 19:59 - 00000000 ____D () C:\Program Files\Shareaza Applications 2014-10-24 10:39 - 2010-11-19 04:22 - 01345029 _____ () C:\Windows\WindowsUpdate.log 2014-10-24 10:38 - 2013-06-15 10:24 - 00000000 ____D () C:\Windows\ERUNT 2014-10-24 10:35 - 2014-03-25 23:54 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-10-24 10:35 - 2010-12-05 23:30 - 00000000 ___RD () C:\Users\***\Documents\My Dropbox 2014-10-24 10:35 - 2010-12-05 23:29 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox 2014-10-24 10:33 - 2014-06-12 21:10 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-24 10:32 - 2014-04-18 14:50 - 00473198 _____ () C:\Windows\PFRO.log 2014-10-24 10:32 - 2014-04-09 15:47 - 00017872 _____ () C:\Windows\setupact.log 2014-10-24 10:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-24 10:31 - 2013-08-21 13:40 - 00000000 ____D () C:\AdwCleaner 2014-10-24 10:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web 2014-10-24 10:07 - 2010-12-06 10:29 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype 2014-10-22 17:26 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-10-17 12:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 12:00 - 2011-06-05 15:43 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-17 12:00 - 2009-07-14 
06:33 - 00444248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 11:57 - 2014-04-30 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 07:54 - 2010-11-19 23:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 07:51 - 2013-08-23 15:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 07:34 - 2010-11-20 09:07 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 15:27 - 2014-06-11 18:23 - 00000000 ____D () C:\Program Files\Opera 2014-10-15 15:19 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-12 11:48 - 2010-11-20 23:04 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe 2014-09-29 15:10 - 2013-09-30 16:21 - 00000035 _____ () C:\Windows\Ulead32.INI 2014-09-25 12:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-25 08:35 - 2011-03-09 00:26 - 00000000 ____D () C:\Windows\Minidump 2014-09-24 23:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-24 23:03 - 2010-12-06 19:21 - 00000000 ___SD () C:\Users\***\Documents\Briefe Some content of TEMP: ==================== C:\Users\***\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptanzio.dll C:\Users\***\AppData\Local\temp\Quarantine.exe C:\Users\***\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 17:12

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014 Ran by *** at 2014-10-24 10:54:33 Running from C:\Users\***\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo) Adobe Acrobat 6.0 Professional - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000001}) (Version: 006.000.000 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - ) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.61.00 - ) Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS RT-N65U Wireless Router Utilities (HKLM\...\{279C8532-7E37-4C11-A98B-5EF492034CB6}) (Version: 4.2.5.9 - ASUS) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden calibre (HKLM\...\{A66F2101-9BFC-4FB6-9277-7F59EF88BCC2}) (Version: 1.38.0 - Kovid Goyal) Cisco Systems VPN Client 5.0.06.0160 (HKLM\...\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}) (Version: 5.0.6 - Cisco Systems, Inc.) Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0049.00 - Lenovo Group Limited) Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant) Corel Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project) Evernote v. 
5.4 (HKLM\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.) FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version: - ) IBM SPSS Smartreader 19 (HKLM\...\{EF0D5825-2FDE-4F02-9B92-A4DB1D7599C8}) (Version: 19.0.0 - IBM) Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 
- ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.) Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo) Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - ) Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) 
(Version: 4.6.305.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP3-Cutter (HKLM\...\MP3-Cutter) (Version: - 
) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Nero 9 Essentials (HKLM\...\{fa2dd0a9-2170-4b78-b577-f2f4d9375055}) (Version: - Nero AG) Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (Version: 9.4.38.100 - Nero AG) Hidden Nero StartSmart Help (Version: 9.4.38.100 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden OLYMPUS Digital Camera Updater (HKLM\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.) 
Opera Stable 23.0.1522.77 (HKLM\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA) Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH) RUBICon (HKLM\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - ) Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.) 
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.5 - Lenovo) TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) 
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows-Treiberpaket - Intel (e1kexpress) Net (12/10/2009 11.5.10.0) (HKLM\...\5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192) (Version: 12/10/2009 11.5.10.0 - Intel) Windows-Treiberpaket - Intel (HECI) System (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel) 
Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel) Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel) Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel) Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel) Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo) Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 05-10-2014 18:52:57 Windows Update 09-10-2014 14:14:23 Windows Update 13-10-2014 14:10:09 Windows Update 16-10-2014 14:31:59 Windows Update 17-10-2014 05:29:10 Windows Update 21-10-2014 14:12:22 Windows Update 22-10-2014 13:36:41 Revo Uninstaller's restore point - Update for Zip Opener 22-10-2014 13:38:59 Revo Uninstaller's restore point - Update for Zip Opener ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-10-22 17:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {11BFD002-5FCA-46D7-99CA-18A467A48F38} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {130E4D4F-0BD8-4E7D-8B04-800948F15256} - System32\Tasks\Opera scheduled Autoupdate 1402503819 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software) Task: {13C99129-D58F-49E1-99F9-1C0DCD48B19F} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {382BCE53-3859-4CA7-9118-7D0004974434} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.) Task: {4B3B6F17-67BC-449F-A02B-339C6E7CEEE2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-06-18] () Task: {6C26C17B-8034-430E-AC63-BB219FCC7542} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION Task: {6C830667-035D-4E6B-AE67-F0C5060B94F0} - System32\Tasks\Google Updater and Installer => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe Task: {6D687FBC-4CD2-44E3-A378-9EC04F756E46} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe Task: {7D4A2B13-39AC-4795-9979-EA52E300BFD1} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] () Task: {83905B62-68C4-4219-ACFD-F8AA00DE5CE1} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {96212594-E16D-462A-B7E8-2AEE724C769B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {A08B1692-2261-4B53-8C5F-6279124677FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated) Task: {B216C86A-81DA-43DB-B488-769BD1E0BAB0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe Task: {B9137AE2-F73D-4B6C-B931-8A2D9CD8FD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-21] (Google 
Inc.) Task: {BB98A262-CF96-46EF-982D-77B6A6EA3D11} - System32\Tasks\{5242E32B-A714-49F4-AD46-3C3D63060455} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {C5C370D0-07A6-45D4-A86D-A1E9A29A59F8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {C6932140-D1C0-4FA2-8C6B-7CFCEE01EF21} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {CE82BD9A-B1C2-44CA-93AC-BD318095C569} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {D369F111-A4A5-4D2F-83B3-DB9D615F375D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {EB252E21-311D-4A0E-A926-C4EADB1D0701} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe Task: {F171393A-6636-42F6-B6CC-789543151769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2003-05-15 03:15 - 2003-05-15 03:15 - 00753664 _____ () C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU 2006-12-09 04:54 - 2006-12-09 04:54 - 00022723 _____ () C:\Windows\System32\sugg1l3.dll 2011-10-20 11:12 - 2011-10-20 11:12 - 00086016 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-11-17 13:08 - 2009-11-17 13:08 - 00197424 _____ () C:\Windows\system32\vpnapi.dll 2012-12-07 19:27 - 2012-12-07 19:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2014-03-20 14:44 - 2014-03-20 14:44 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2012-09-15 19:43 - 2012-09-15 19:43 - 00065024 _____ () C:\Windows\system32\vaultsvd.exe 2014-05-25 10:37 - 2010-08-10 15:37 - 00217088 ____R () C:\Program Files\ASUS\Printer Utilities\UsbService.exe 2014-10-17 08:13 - 2014-10-17 08:13 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\53867c5c155da47b668e80eb4a84dc51\Kies.Common.DeviceServiceLib.Interface.ni.dll 2014-10-17 08:13 - 2014-10-17 08:13 - 14993920 _____ () 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\86c7c1b7ba431a48215c8d66dfc46df0\Kies.Theme.ni.dll 2014-10-17 08:12 - 2014-10-17 08:12 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8b48969de0e0c596b6c888aa31171191\Kies.UI.ni.dll 2014-10-17 08:12 - 2014-10-17 08:12 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\5fb0786b0ca407287c5872223009b608\Kies.MVVM.ni.dll 2014-10-17 08:13 - 2014-10-17 08:13 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll 2014-10-24 10:35 - 2014-10-24 10:35 - 00043008 _____ () c:\users\***\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptanzio.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll 2010-11-19 04:18 - 2012-05-16 06:32 - 00094208 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2014-07-22 23:19 - 2014-10-24 10:06 - 00013312 _____ () C:\Program Files\Google\Chrome\Application\WTSAPI32.dll 2014-10-16 21:53 - 2014-10-10 04:03 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libglesv2.dll 2014-10-16 21:53 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libegl.dll 2014-10-16 21:53 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll 2014-10-16 21:53 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2424265513-2494307364-3588977769-500 - Administrator - Disabled) Gast (S-1-5-21-2424265513-2494307364-3588977769-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2424265513-2494307364-3588977769-1002 - Limited - Enabled) *** (S-1-5-21-2424265513-2494307364-3588977769-1000 - Administrator - Enabled) => C:\Users\*** ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/24/2014 10:40:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
System errors: ============= Error: (10/24/2014 10:52:32 AM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.127\RT-N65U192.168.1.1 Microsoft Office Sessions: ========================= Error: (10/24/2014 10:40:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 49% Total physical RAM: 2995.67 MB Available physical RAM: 1515.22 MB Total Pagefile: 5989.63 MB Available Pagefile: 4241.16 MB Total Virtual: 2047.88 MB Available Virtual: 1891.6 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:454.33 GB) (Free:67.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Removable) (Total:3.67 GB) (Free:3.6 GB) FAT32 Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: BD6B6839) Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=454.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ That should be all of them now. Did I do it right? |
24.10.2014, 18:14 | #9 |
/// the machine /// TB Trainer | Constant crashes of all internet browsers Perfect. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.10.2014, 22:26 | #10 |
| Constant crashes of all internet browsers Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=1f844ade75266b4e8d5c82c860ec7a7d # engine=20786 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-26 07:27:09 # local_time=2014-10-26 08:27:09 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 3969471 55664944 0 0 # scanned=408084 # found=30 # cleaned=0 # scan_time=12135 sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\***\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir" sh=84D231BD285FB6E1BC20F82BC6261C1507675C17 ft=1 fh=a053084764085b12 vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\***\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir" sh=6927CAE232857693FBB7F7EB7CFEA9E48D636897 ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpfdkjdonpbcpdfhagllddhpakbikpe\2.2.6_0\dp.js" sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpfdkjdonpbcpdfhagllddhpakbikpe\2.2.6_0\g.js" sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7HZ02FY\spstub[1].exe" sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7HZ02FY\WajamChecker[1].exe" sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSHS94LY\sp-downloader[1].exe" sh=7ABA4DC9BC22D9605675C22CEC12A0DB7EAF0937 ft=1 fh=e11cb87d8b8a9b76 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSHS94LY\SPSetup[1].exe" sh=29531FF34ED520FDEF40B88D1C27B77D4064C1B7 ft=1 fh=6f280fcdcbb1a73e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z87GZ5A5\OrbiterInstaller[1].exe" sh=116A53020B0D35E2D1E013AC81E61D9BE94512E5 ft=1 fh=fa3fc3ad5764cb4c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\Desktop\Schreibtisch\20111215 Qimonda\QIMONDA\Documents\Homepage AE\Sicherung 10.05.2011\bilder\SoftonicDownloader91424.exe" sh=116A53020B0D35E2D1E013AC81E61D9BE94512E5 ft=1 fh=fa3fc3ad5764cb4c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\Desktop\Schreibtisch\20111215 Qimonda\QIMONDA\Documents\Homepage AE\socpsy_Grundversion\bilder\SoftonicDownloader91424.exe" sh=116A53020B0D35E2D1E013AC81E61D9BE94512E5 ft=1 fh=fa3fc3ad5764cb4c vn="Win32/SoftonicDownloader.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\Documents\RUB\Homepage\socpsy_Grundversion\bilder\SoftonicDownloader91424.exe" sh=80E0B82286C4830778CF6D558781A6F7C1C93602 ft=1 fh=7dcb11e9da068c87 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\Downloads\Floola-win_CB-DL-Manager.exe" sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\***\Downloads\FreeOCR-5.02.exe" sh=6927CAE232857693FBB7F7EB7CFEA9E48D636897 ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpfdkjdonpbcpdfhagllddhpakbikpe\2.2.6_0\dp.js" sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpfdkjdonpbcpdfhagllddhpakbikpe\2.2.6_0\g.js" sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7HZ02FY\spstub[1].exe" sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7HZ02FY\WajamChecker[1].exe" sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSHS94LY\sp-downloader[1].exe" sh=7ABA4DC9BC22D9605675C22CEC12A0DB7EAF0937 ft=1 fh=e11cb87d8b8a9b76 vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSHS94LY\SPSetup[1].exe" sh=29531FF34ED520FDEF40B88D1C27B77D4064C1B7 ft=1 fh=6f280fcdcbb1a73e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z87GZ5A5\OrbiterInstaller[1].exe" sh=116A53020B0D35E2D1E013AC81E61D9BE94512E5 ft=1 fh=fa3fc3ad5764cb4c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\Desktop\Schreibtisch\20111215 Qimonda\QIMONDA\Documents\Homepage AE\Sicherung 10.05.2011\bilder\SoftonicDownloader91424.exe" sh=116A53020B0D35E2D1E013AC81E61D9BE94512E5 ft=1 fh=fa3fc3ad5764cb4c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\Desktop\Schreibtisch\20111215 Qimonda\QIMONDA\Documents\Homepage AE\socpsy_Grundversion\bilder\SoftonicDownloader91424.exe" sh=116A53020B0D35E2D1E013AC81E61D9BE94512E5 ft=1 fh=fa3fc3ad5764cb4c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\Documents\RUB\Homepage\socpsy_Grundversion\bilder\SoftonicDownloader91424.exe" sh=80E0B82286C4830778CF6D558781A6F7C1C93602 ft=1 fh=7dcb11e9da068c87 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\Downloads\Floola-win_CB-DL-Manager.exe" sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\***\Downloads\FreeOCR-5.02.exe" sh=2E775BB303FA777AD3BA829DCCF24BCA3A48963F ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{9A4888AA-BA75-47C1-B2DF-750D6B9F0DEE}\clbhhioanefffdgfnceedfbmablpghfoerx" sh=59A3045BF0EE0E213C223C82112072E34E68FE4D ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{CD49AE1E-FE17-4D94-BD1F-F422DFE7A65C}\cdligcpahihjjhdepikalejmnbfpfcjocrx" sh=4C70DB40CBDE1F20F635C50DA2719CC9CC41AE2F ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{D874DE3F-6206-41F4-B52E-528BA043657F}\cahpfdkjdonpbcpdfhagllddhpakbikperx" sh=AD2FAC56F73C779B37C2CF59621DD90B71A69334 ft=1 fh=64bc18eb7df64123 vn="Win32/BHO.OGC Trojaner" ac=I fn="C:\Windows\System32\vaultsvd.exe" Code:
Results of screen317's Security Check version 0.99.89
 Windows 7 Service Pack 1 x86 (UAC is enabled)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011)
 TuneUp Utilities 2014
 TuneUp Utilities Language Pack (de-DE)
 TuneUp Utilities 2014 (de-DE)
 TuneUp Utilities 2014
 JavaFX 2.1.0
 Java 7 Update 51
 Java version out of Date!
 Adobe Flash Player 15.0.0.152
 Adobe Reader XI
 Mozilla Firefox 32.0.3 Firefox out of Date!
 Google Chrome 37.0.2062.124
 Google Chrome 38.0.2125.104
 Google Chrome wtsapi32.dll..
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by *** (administrator) on ***-THINK on 26-10-2014 22:21:02
Running from C:\Users\***\Desktop
Loaded Profile: *** (Available profiles: ***)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Lenovo.)
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Synaptics, Inc.) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe () C:\Windows\System32\vaultsvd.exe () C:\Program Files\ASUS\Printer Utilities\UsbService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Dropbox, Inc.) 
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3110200 2011-06-10] (Lenovo Group Limited) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [433216 2011-10-20] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung) HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\...\Run: [GoogleChromeAutoLaunch_3DE93EBB1452A07E5EFE376DE1AED924] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKCU - {A8945019-18BA-4ECC-B55E-160FD84D07CE} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms} SearchScopes: HKCU - {E668679A-8755-47E1-B2EE-49D9FA828DB8} URL = BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{DE479452-C0AD-412A-A46E-73FCFAD3E8DB}\{A63CB5F9-17B4-4EA9-9C54-964403152F93}.bin (Download Protect) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} 
- C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\qwf7buxd.default FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{1100902D-4A07-442C-94E6-5EA504FA866B} [2014-09-26] FF HKLM\...\Firefox\Extensions: [{477CB295-CF05-4270-98E7-8056E6665CE6}] - C:\Windows\Installer\{B76F5C3A-665C-40D3-81B2-383F2125BC9B}\{477CB295-CF05-4270-98E7-8056E6665CE6}.xpi FF Extension: Download Protect - C:\Windows\Installer\{B76F5C3A-665C-40D3-81B2-383F2125BC9B}\{477CB295-CF05-4270-98E7-8056E6665CE6}.xpi [2014-10-26] FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012-09-11] FF Extension: No Name - C:\Windows\Installer\{FB9D7926-AF11-4E2A-91CA-DD7B68F3421D}\{FAD80C28-509D-48E1-B3C1-5B7F0B376134}.xpi [Not Found] Chrome: 
======= CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Download Protect) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpfdkjdonpbcpdfhagllddhpakbikpe [2014-10-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2011-10-20] (Lenovo) R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [269376 2011-10-20] (Lenovo) R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-15] (Intel Corporation) R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2012-04-23] (Intel(R) Corporation) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.) 
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited) R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited) R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited) R2 ScrybeUpdater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.) 
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368 2014-03-20] (TuneUp Software) R2 ucsvc32; C:\Windows\system32\vaultsvd.exe [65024 2012-09-15] () [File not signed] R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2759984 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-03-15] (Windows (R) Win 7 DDK provider) S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-03-15] (Windows (R) Win 7 DDK provider) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKslca47d6a4; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61418BEB-F8E7-48AB-8CB2-2DC81DE807B3}\MpKslca47d6a4.sys [39464 2014-10-26] (Microsoft Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10364416 2012-06-03] (Intel Corporation) S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2010-11-19] () [File not signed] S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) S3 s117bus; C:\Windows\System32\DRIVERS\s117bus.sys [82984 2007-06-25] (MCCI Corporation) S3 s117mdfl; C:\Windows\System32\DRIVERS\s117mdfl.sys [14888 2007-06-25] (MCCI Corporation) S3 s117mdm; C:\Windows\System32\DRIVERS\s117mdm.sys [108456 2007-06-25] (MCCI Corporation) S3 s117mgmt; C:\Windows\System32\DRIVERS\s117mgmt.sys [100264 2007-06-25] (MCCI Corporation) S3 s117nd5; C:\Windows\System32\DRIVERS\s117nd5.sys [22952 2007-06-25] (MCCI Corporation) S3 s117obex; C:\Windows\System32\DRIVERS\s117obex.sys [98344 2007-06-25] (MCCI Corporation) S3 s117unic; C:\Windows\System32\DRIVERS\s117unic.sys [98856 2007-06-25] (MCCI Corporation) S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [57856 2010-01-06] (SCM Microsystems Inc.) 
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [23608 2012-07-05] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] () R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] () S2 ASPI32; No ImagePath S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X] S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 16:56 - 2014-10-26 16:56 - 00000000 ____D () C:\Program Files\ESET 2014-10-26 16:55 - 2014-10-26 16:55 - 00854448 _____ () C:\Users\***\Desktop\SecurityCheck.exe 2014-10-26 16:54 - 2014-10-26 16:54 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_deu.exe 2014-10-26 10:27 - 2014-10-26 10:27 - 00000000 ____D () C:\Program Files\{DE479452-C0AD-412A-A46E-73FCFAD3E8DB} 2014-10-24 09:54 - 2014-10-24 10:04 - 00035610 _____ () C:\Users\***\Desktop\Addition.txt 2014-10-24 09:53 - 2014-10-26 22:22 - 00022739 _____ () C:\Users\***\Desktop\FRST.txt 2014-10-24 09:53 - 2014-10-26 22:20 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion 2014-10-24 09:40 - 2014-10-24 10:04 - 00001270 _____ () C:\Users\***\Desktop\JRT.txt 2014-10-24 09:37 - 2014-10-24 09:37 - 01706144 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe 2014-10-24 09:35 - 2014-10-24 10:04 - 00015323 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt 2014-10-24 09:25 - 2014-10-24 09:56 - 00107999 _____ () C:\Users\***\Desktop\mbam.txt 2014-10-24 09:12 - 2014-10-24 09:13 - 01962496 _____ () 
C:\Users\***\Desktop\AdwCleaner_4.001.exe 2014-10-24 09:07 - 2014-10-24 09:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-24 08:19 - 2014-10-24 08:28 - 971019204 _____ () C:\Users\***\Downloads\DaddysWorkplacePart4_scene1_720p_3800.mp4 2014-10-24 07:48 - 2014-10-24 07:48 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-24 07:48 - 2014-10-24 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-24 07:48 - 2014-10-24 07:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-24 07:48 - 2014-10-01 10:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-24 07:48 - 2014-10-01 10:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-24 07:48 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-24 07:36 - 2014-10-24 07:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-22 16:27 - 2014-10-22 16:27 - 00026094 _____ () C:\ComboFix.txt 2014-10-22 16:15 - 2014-10-22 16:27 - 00000000 ____D () C:\Qoobox 2014-10-22 16:15 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-22 16:15 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-22 16:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-22 16:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-22 16:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-22 16:15 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-22 16:15 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-22 16:15 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-22 14:41 - 2014-10-22 14:42 - 05584933 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe 
2014-10-22 14:34 - 2014-10-22 14:34 - 00001237 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk 2014-10-22 14:34 - 2014-10-22 14:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-10-22 13:27 - 2014-10-22 13:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\***\Downloads\revosetup95.exe 2014-10-20 19:11 - 2014-10-20 19:30 - 00043137 _____ () C:\Users\***\Downloads\Addition.txt 2014-10-20 19:09 - 2014-10-26 22:21 - 00000000 ____D () C:\FRST 2014-10-20 19:09 - 2014-10-26 22:20 - 01104896 _____ (Farbar) C:\Users\***\Desktop\FRST.exe 2014-10-20 19:09 - 2014-10-20 19:30 - 00041286 _____ () C:\Users\***\Downloads\FRST.txt 2014-10-19 17:31 - 2014-10-19 17:39 - 661097468 _____ () C:\Users\***\Downloads\ScoutsPart2_scene1_720p_3800.mp4 2014-10-16 15:28 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 15:28 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 15:28 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 15:28 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 15:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 15:28 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 15:28 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 15:28 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 15:28 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 15:28 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 15:28 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 15:28 - 2014-07-17 02:02 - 00031232 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 15:27 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 15:27 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 15:27 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 15:27 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 15:27 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 15:27 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 15:27 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 15:27 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 15:26 - 2014-09-20 04:58 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 15:26 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00391168 _____ (Microsoft 
Corporation) C:\Windows\system32\ieui.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 15:26 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 15:26 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 15:26 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 15:26 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 15:26 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 15:26 - 2014-09-20 03:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-10-15 17:50 - 2014-10-15 17:59 - 783669891 _____ () C:\Users\***\Downloads\DaddysWorkplacePart3_scene1_720p_3800.mp4 2014-10-12 18:35 - 2014-10-12 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-10-12 18:35 - 2014-10-12 18:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-10-12 10:54 - 2014-10-26 22:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 10:54 - 2014-10-17 07:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-12 10:54 - 2014-10-17 07:50 - 00071344 _____ (Adobe 
Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-12 10:54 - 2014-10-12 18:35 - 00002023 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-10-12 10:54 - 2014-10-12 18:35 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-10-09 17:44 - 2014-10-09 17:44 - 00000396 _____ () C:\MyUpdateLogs.log 2014-10-08 17:57 - 2014-10-08 17:57 - 00000000 ____D () C:\Users\***\AppData\Local\FreeOCR 2014-10-08 17:02 - 2014-10-08 18:00 - 00000000 ____D () C:\FreeOCR 2014-10-08 17:02 - 2014-10-08 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR 2014-10-08 17:02 - 2007-03-10 09:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx 2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 ____D () C:\Program Files\Temp 2014-10-08 16:59 - 2014-10-08 16:59 - 00414625 _____ ( ) C:\Users\***\Downloads\FreeOCR-5.02.exe 2014-10-08 14:41 - 2014-10-08 14:45 - 823568304 _____ () C:\Users\***\Downloads\DaddysWorkplacePart2_scene1_720p_3800.mp4 2014-10-07 14:07 - 2014-10-07 14:12 - 668087110 _____ () C:\Users\***\Downloads\Payback_scene1_720p_3800.mp4 2014-10-06 17:22 - 2014-10-06 17:22 - 00333824 _____ () C:\Users\***\Downloads\down70516862.ppt 2014-10-06 15:02 - 2014-10-06 15:02 - 02371584 _____ () C:\Users\***\Downloads\blicke_1204reha_ss_11 (1).ppt 2014-10-06 15:02 - 2014-10-06 15:02 - 00649216 _____ () C:\Users\***\Downloads\FR_09_Schmerzmanagement_Abeln.ppt 2014-10-06 14:52 - 2014-10-06 14:52 - 01895936 _____ () C:\Users\***\Downloads\Schmerz2.ppt 2014-10-06 14:52 - 2014-10-06 14:52 - 01570304 _____ () C:\Users\***\Downloads\Kapitel_XIV_Ruecken_u__Psyche_Stand_7-2013.ppt 2014-10-06 14:48 - 2014-10-06 14:48 - 00230400 _____ () C:\Users\***\Downloads\Texte_Vortraege_Schmerz_Humbel.ppt 2014-10-06 14:45 - 2014-10-06 14:45 - 02413056 _____ () C:\Users\***\Downloads\Multimodale_Schmerztherapie_2013.ppt 2014-10-05 18:32 - 2014-10-05 18:41 - 423655048 _____ () 
C:\Users\***\Downloads\HardRelation_scene1_480p_2000.mp4 2014-10-05 18:14 - 2014-10-05 18:27 - 746331267 _____ () C:\Users\***\Downloads\TheBusinessOfSexPart4_scene1_720p_3800.mp4 2014-10-01 22:00 - 2014-10-01 22:00 - 04753680 _____ () C:\Users\***\Desktop\Schmerzpsychotherapie.pptx 2014-10-01 17:37 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-26 20:06 - 2014-09-26 20:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 22:15 - 2010-11-19 03:22 - 01428148 _____ () C:\Windows\WindowsUpdate.log 2014-10-26 21:56 - 2014-06-12 20:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 16:55 - 2009-07-21 06:30 - 00393244 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-26 11:33 - 2014-03-25 22:54 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-10-26 10:56 - 2014-06-12 20:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-26 10:40 - 2010-12-06 09:29 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype 2014-10-26 10:39 - 2011-06-05 14:43 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-10-26 10:33 - 2009-07-14 05:34 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 10:33 - 2009-07-14 05:34 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 10:26 - 2010-12-05 22:30 - 00000000 ___RD () C:\Users\***\Documents\My Dropbox 2014-10-26 10:26 - 2010-12-05 22:29 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox 2014-10-26 10:24 - 2014-04-09 14:47 - 00018040 _____ () C:\Windows\setupact.log 2014-10-26 10:24 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-24 11:10 - 2014-04-18 13:50 - 00473556 _____ () 
C:\Windows\PFRO.log 2014-10-24 09:39 - 2011-01-30 18:59 - 00000000 ____D () C:\Program Files\Shareaza Applications 2014-10-24 09:38 - 2013-06-15 09:24 - 00000000 ____D () C:\Windows\ERUNT 2014-10-24 09:31 - 2013-08-21 12:40 - 00000000 ____D () C:\AdwCleaner 2014-10-24 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Web 2014-10-22 16:26 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-10-17 11:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 11:00 - 2011-06-05 14:43 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-10-17 11:00 - 2009-07-14 05:33 - 00444248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 10:57 - 2014-04-30 17:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 06:54 - 2010-11-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 06:51 - 2013-08-23 14:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 06:34 - 2010-11-20 08:07 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 14:27 - 2014-06-11 17:23 - 00000000 ____D () C:\Program Files\Opera 2014-10-15 14:19 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-12 10:48 - 2010-11-20 22:04 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe 2014-09-29 14:10 - 2013-09-30 15:21 - 00000035 _____ () C:\Windows\Ulead32.INI Some content of TEMP: ==================== C:\Users\***\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuh2os.dll C:\Users\***\AppData\Local\temp\Quarantine.exe C:\Users\***\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 11:06

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by *** at 2014-10-26 22:22:26
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
Adobe Acrobat 6.0 Professional - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - )
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.61.00 - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS RT-N65U Wireless Router Utilities (HKLM\...\{279C8532-7E37-4C11-A98B-5EF492034CB6}) (Version: 4.2.5.9 - ASUS) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden calibre (HKLM\...\{A66F2101-9BFC-4FB6-9277-7F59EF88BCC2}) (Version: 1.38.0 - Kovid Goyal) Cisco Systems VPN Client 5.0.06.0160 (HKLM\...\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}) (Version: 5.0.6 - Cisco Systems, Inc.) Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0049.00 - Lenovo Group Limited) Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant) Corel Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project) Evernote v. 5.4 (HKLM\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.) 
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version: - ) IBM SPSS Smartreader 19 (HKLM\...\{EF0D5825-2FDE-4F02-9B92-A4DB1D7599C8}) (Version: 19.0.0 - IBM) Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System 
Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.) Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo) Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - ) Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP3-Cutter (HKLM\...\MP3-Cutter) (Version: - ) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) 
(HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Nero 9 Essentials (HKLM\...\{fa2dd0a9-2170-4b78-b577-f2f4d9375055}) (Version: - Nero AG) Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (Version: 9.4.38.100 - Nero AG) Hidden Nero StartSmart Help (Version: 9.4.38.100 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden OLYMPUS Digital Camera Updater (HKLM\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.) 
Opera Stable 23.0.1522.77 (HKLM\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA) Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH) RUBICon (HKLM\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - ) Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.) 
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.5 - Lenovo) TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) 
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows-Treiberpaket - Intel (e1kexpress) Net (12/10/2009 11.5.10.0) (HKLM\...\5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192) (Version: 12/10/2009 11.5.10.0 - Intel) Windows-Treiberpaket - Intel (HECI) System (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel) Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) 
(HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel) Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel) Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel) Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel) Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo) Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2424265513-2494307364-3588977769-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 13-10-2014 14:10:09 Windows Update 16-10-2014 14:31:59 Windows Update 17-10-2014 05:29:10 Windows Update 21-10-2014 14:12:22 Windows Update 22-10-2014 13:36:41 Revo Uninstaller's restore point - Update for Zip Opener 22-10-2014 13:38:59 Revo Uninstaller's restore point - Update for Zip Opener 25-10-2014 17:16:08 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2014-10-22 16:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {11BFD002-5FCA-46D7-99CA-18A467A48F38} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {130E4D4F-0BD8-4E7D-8B04-800948F15256} - System32\Tasks\Opera scheduled Autoupdate 1402503819 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software) Task: {13C99129-D58F-49E1-99F9-1C0DCD48B19F} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {382BCE53-3859-4CA7-9118-7D0004974434} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.) Task: {4B3B6F17-67BC-449F-A02B-339C6E7CEEE2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-06-18] () Task: {6C26C17B-8034-430E-AC63-BB219FCC7542} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION Task: {6C830667-035D-4E6B-AE67-F0C5060B94F0} - System32\Tasks\Google Updater and Installer => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe Task: {6D687FBC-4CD2-44E3-A378-9EC04F756E46} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe Task: {7D4A2B13-39AC-4795-9979-EA52E300BFD1} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] () Task: {83905B62-68C4-4219-ACFD-F8AA00DE5CE1} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {96212594-E16D-462A-B7E8-2AEE724C769B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {A08B1692-2261-4B53-8C5F-6279124677FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated) Task: {B216C86A-81DA-43DB-B488-769BD1E0BAB0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe Task: {B9137AE2-F73D-4B6C-B931-8A2D9CD8FD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-21] (Google 
Inc.) Task: {BB98A262-CF96-46EF-982D-77B6A6EA3D11} - System32\Tasks\{5242E32B-A714-49F4-AD46-3C3D63060455} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {C5C370D0-07A6-45D4-A86D-A1E9A29A59F8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {C6932140-D1C0-4FA2-8C6B-7CFCEE01EF21} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {CE82BD9A-B1C2-44CA-93AC-BD318095C569} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {D369F111-A4A5-4D2F-83B3-DB9D615F375D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {EB252E21-311D-4A0E-A926-C4EADB1D0701} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe Task: {F171393A-6636-42F6-B6CC-789543151769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2003-05-15 02:15 - 2003-05-15 02:15 - 00753664 _____ () C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU 2006-12-09 03:54 - 2006-12-09 03:54 - 00022723 _____ () C:\Windows\System32\sugg1l3.dll 2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-11-17 12:08 - 2009-11-17 12:08 - 00197424 _____ () C:\Windows\system32\vpnapi.dll 2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2014-03-20 13:44 - 2014-03-20 13:44 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2012-09-15 18:43 - 2012-09-15 18:43 - 00065024 _____ () C:\Windows\system32\vaultsvd.exe 2014-05-25 09:37 - 2010-08-10 14:37 - 00217088 ____R () C:\Program Files\ASUS\Printer Utilities\UsbService.exe 2010-11-19 03:18 - 2012-05-16 05:32 - 00094208 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2014-10-17 07:13 - 2014-10-17 07:13 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\53867c5c155da47b668e80eb4a84dc51\Kies.Common.DeviceServiceLib.Interface.ni.dll 2014-10-17 
07:13 - 2014-10-17 07:13 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\86c7c1b7ba431a48215c8d66dfc46df0\Kies.Theme.ni.dll 2014-10-17 07:12 - 2014-10-17 07:12 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8b48969de0e0c596b6c888aa31171191\Kies.UI.ni.dll 2014-10-17 07:12 - 2014-10-17 07:12 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\5fb0786b0ca407287c5872223009b608\Kies.MVVM.ni.dll 2014-10-17 07:13 - 2014-10-17 07:13 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll 2014-10-26 10:25 - 2014-10-26 10:25 - 00043008 _____ () c:\users\***\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuh2os.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll 2014-07-22 22:19 - 2014-10-26 11:33 - 00013312 _____ () C:\Program Files\Google\Chrome\Application\WTSAPI32.dll 2014-10-16 20:53 - 2014-10-10 03:03 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libglesv2.dll 2014-10-16 20:53 - 2014-10-10 03:03 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libegl.dll 2014-10-16 20:53 - 2014-10-10 03:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll 2014-10-16 20:53 - 2014-10-10 03:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll 2014-10-16 20:53 - 2014-10-10 03:04 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2424265513-2494307364-3588977769-500 - Administrator - Disabled) Gast (S-1-5-21-2424265513-2494307364-3588977769-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2424265513-2494307364-3588977769-1002 - Limited - Enabled) *** (S-1-5-21-2424265513-2494307364-3588977769-1000 - Administrator - Enabled) => C:\Users\*** ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2014 04:55:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/26/2014 11:08:07 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". 
Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/26/2014 11:07:24 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (10/26/2014 11:07:18 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/26/2014 10:30:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/25/2014 07:20:44 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/25/2014 07:19:58 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. 
Error: (10/25/2014 07:19:51 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/25/2014 06:10:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/24/2014 11:58:01 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
System errors: ============= Error: (10/26/2014 10:22:58 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:21:19 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:19:21 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:18:33 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:16:06 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:14:23 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:12:49 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:11:50 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:10:48 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Error: (10/26/2014 10:09:03 PM) (Source: LPDSVC) (EventID: 4009) (User: ) Description: \\192.168.1.126\RT-N65U192.168.1.1 Microsoft Office Sessions: ========================= Error: (10/26/2014 04:55:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/26/2014 11:08:07 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll19 Error: (10/26/2014 11:07:24 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (10/26/2014 11:07:18 AM) (Source: SideBySide) (EventID: 63) (User: ) 
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe19 Error: (10/26/2014 10:30:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/25/2014 07:20:44 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll19 Error: (10/25/2014 07:19:58 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (10/25/2014 07:19:51 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe19 Error: (10/25/2014 06:10:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/24/2014 11:58:01 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll19 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 67% Total physical RAM: 2995.67 MB Available physical RAM: 970.61 MB Total Pagefile: 5989.63 MB Available Pagefile: 3217.73 MB Total Virtual: 2047.88 MB Available Virtual: 1897.61 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:454.33 GB) (Free:70.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Removable) 
(Total:3.67 GB) (Free:3.6 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BD6B6839)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

I'm currently using the Chrome browser. It is stable. It no longer crashes! Great ;-) |
27.10.2014, 18:24 | #11 |
/// the machine /// TB Trainer | Constant crashing of all internet browsers

Yes, update. You can run ESET again and have it delete everything it finds.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Done

The order is crucial here.

If you would like to leave praise or criticism, you can do so here.

Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Antivirus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.10.2014, 20:53 | #12 |
| Constant crashing of all internet browsers

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by *** at 2014-10-28 19:24:03 Run:1
Running from C:\Users\***\Desktop
Loaded Profile: *** (Available profiles: ***)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

Otherwise everything is great! Many thanks! |
29.10.2014, 19:27 | #13 |
/// the machine /// TB Trainer | Constant crashing of all internet browsers

If it is the portable version, simply delete the folder, or keep it.

You're welcome.

__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |