
Pests of all kinds and how to combat them: PC after Positive Finds infection

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

21.02.2015, 14:38   #1
Nymph
 

Hello everyone,

On 16.02 I picked up Positive Finds via the Free Youtube Downloader from DVDVideoSoft. The PC is now free of symptoms, but before I change the passwords and put the browser back into normal use, it would be nice if you could take a look to see whether all traces have actually been removed.

Log files exist, although I have lost some positive Avira, AdwCleaner and JRT logs from the first few days.

I can offer the following:

FRST - 18-02-2015 23:56:56 - 19-02-2015 00:33:50 - 19-02-2015 05:13:38 - 19-02-2015 19:22:55 - 20-02-2015 21:56:30

GMER - 2015-02-19 00:18:33

Malwarebytes - Positive 2015-02-18 (14-02-37) - Positive mbam-log-2015-02-19 (00-47-51) - negative since then. Mbam protection logs 18.02, 19.02, 20.02, 21.02 all with detections

Malwarebytes Anti Rootkit - ran several times, all negative

AdwCleaner - 19/02/2015 at 17:31:39 - negative since then

JRT - positive on 18.02 (lost) - negative since then

ESET - Positive, all Adw quarantine 19.02.15 11:23:17 - Positive 2015-02-19 03:28:19 - negative since then.

herdProtect - Positive 18-02-15 22-37 - Positive 18.02.15 23-46 - Positive 19-02-15 20-37

Avira - positive on 17.02 (lost) - negative since then.


So as not to overload the thread unnecessarily, I will wait to see which of these my helper considers actually relevant and will then post it promptly.

In any case, a thousand thanks in advance,

Nymph

21.02.2015, 14:59   #2
schrauber
/// the machine
/// TB trainer
 


hi,

fresh FRST logs please.


Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
21.02.2015, 15:19   #3
Nymph
 

FRST
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by Laura (administrator) on TYSIA on 21-02-2015 15:15:34
Running from C:\Users\Laura\Contacts\Desktop
Loaded Profiles: Laura &  (Available profiles: Laura & Catsitter & Administrator)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [] 
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: [] 
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\Explorer: [] 
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
IFEO\appvlp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\cvh.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\divxcontrolpanellauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\icloud.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\iclouddrive.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\sftdde.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3161636880-329456100-441217609-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -  No File
URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -  No File
URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzzz0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files\Hewlett-Packard\Smart Print 2.7\Espresso.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\biV8Jwpq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\biV8Jwpq.default\Extensions\abs@avira.com [2015-02-20]

Chrome: 
=======
CHR HomePage: Default -> hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Star Stable Online) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhalcddeebgbegbfkgngofgldddanae\1.0.0.5_0\npstudioruntime.dll (World of Horsecraft AB)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.110.12) - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 8 U11) - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (A Quotation) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpohheobbibbehfjogminpinjhlpmg [2015-02-20]
CHR Extension: (StudyMode.com) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\afhaomgjckjnioommpjdnanglalimoon [2015-02-20]
CHR Extension: (oTranscribe) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcepnaeajjgbbagpgaihnljdadhhibb [2015-02-20]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-02-20]
CHR Extension: (Newsela) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpeiapdhnegnfcfkdfihabadngjagfj [2015-02-20]
CHR Extension: (Todoist for Chromebook) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2015-02-20]
CHR Extension: (Quizlet) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2015-02-20]
CHR Extension: (Gliffy Diagrams) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2015-02-20]
CHR Extension: (WOT) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-19]
CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (CurriculumLoft) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmoibmekgcegldojdjnhjfhcjkhoihd [2015-02-20]
CHR Extension: (FastFig) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bogefeobnkbodnohkifkjfdipjmdljkd [2015-02-20]
CHR Extension: (EasyBib) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe [2015-02-20]
CHR Extension: (Flashcard Stash) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgopclnilgekngdlkfkegddejocmmmim [2015-02-20]
CHR Extension: (Bookalize) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibmloalinjcpcboimmeibmdhonfhad [2015-02-20]
CHR Extension: (Wörterbuch Latein) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpmklgjkhbekncoffnedmenihggbcbpd [2015-02-20]
CHR Extension: (iVocab: GRE, TOEFL and SAT) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddbfkngjokojcmmadaaipmjiacnnmgbl [2015-02-20]
CHR Extension: (Davitily Math Academy) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2015-02-20]
CHR Extension: (Brilliant) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhbliilafdkodaijeejngbjiiaccl [2015-02-20]
CHR Extension: (Type Scout) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2015-02-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Science Penguin) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gimenpegjajnbdolclaoenakboibojfd [2015-02-20]
CHR Extension: (Days Until) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoncaelhmjienakbbocmlceofcjpdlg [2015-02-20]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-02-20]
CHR Extension: (Typo Express) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\haijhjgfgmgemgjeoomhobpcfgekifcj [2015-02-20]
CHR Extension: (Pomodoro Timer) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgjlgjnpkpmnpojkkpfkogapiclopop [2015-02-20]
CHR Extension: (KanbanFlow) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhlbmjihokflibmbfmldajolmkaemhi [2015-02-20]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2015-02-20]
CHR Extension: (Popular Math) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldopnmmmjmhibkkhjihpejkbpnnnmkm [2015-02-20]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-02-20]
CHR Extension: (Cram.com Flashcards) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnbbdmpeahiaeeiadlfamiomkomeijh [2015-02-20]
CHR Extension: (wikiHow Survival Kit) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl [2015-02-20]
CHR Extension: (Memrise) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanemchpnjhopmgcmmjhjcniogmoooc [2015-02-20]
CHR Extension: (Anatomy Games) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbplkkegndhkgnendpdhcffamoplajga [2015-02-20]
CHR Extension: (RechnungXXL) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpokejaigabbkedehdmkdoblcamilok [2015-02-20]
CHR Extension: (ProProfs Flashcards Software) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgkcoagcbljcbdnapoioiifghiioaba [2015-02-20]
CHR Extension: (Star Stable Online starstable.sat1spiele.de) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhalcddeebgbegbfkgngofgldddanae [2015-02-18]
CHR Extension: (iDoneThis) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokihmieoechcdpifjfhokeamedacaed [2015-02-20]
CHR Extension: (Word Counter Notepad - Counts what you write.) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbmbpobpcglgjninpmpmdocbjdjimid [2015-02-20]
CHR Extension: (Ghostery) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-20]
CHR Extension: (Math Science Engineering Calculators) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaaclhkigagfmmmejenjpgjmemgkipa [2015-02-20]
CHR Extension: (DropTask) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbjipcefkmoefanpmoknoeagoaokhifa [2015-02-20]
CHR Extension: (TeacherTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbnaepfkikcjdhaciekglfcjnfbgpmdn [2015-02-20]
CHR Extension: (BrainShare) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nokdnmolecgbjheobnnnloifgilgimof [2015-02-20]
CHR Extension: (TypingClub) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-02-20]
CHR Extension: (Artezio Chronometers) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfanegcbhiaecibiehjcgobhbaibepg [2015-02-20]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2015-02-20]
CHR Extension: (Freelancy Time Tracker) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2015-02-20]
CHR Extension: (Reference.com) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooffafbjcjgjinobbfdgkefebeiodngk [2015-02-20]
CHR Extension: (k-12 Mathematical Simulations) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\phibhpccfjfcchdcmkjlfflancpppomn [2015-02-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-11-10] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2014-11-10] (Flexera Software LLC)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2013-03-08] (Advanced Micro Devices Inc.)
R0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15528 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [62592 2010-05-14] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [24192 2010-05-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [28464 2011-12-29] (COMPAL ELECTRONIC INC.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 ugtdipod; \??\C:\Users\Laura\AppData\Local\Temp\ugtdipod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 15:14 - 2015-02-21 15:14 - 00000000 _____ () C:\Users\Laura\defogger_reenable
2015-02-21 03:02 - 2015-02-21 03:02 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-20 19:08 - 2015-02-20 19:08 - 00132100 _____ () C:\Windows\PFRO.log
2015-02-20 16:45 - 2015-02-20 16:45 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Avira
2015-02-20 16:44 - 2015-02-20 16:41 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-20 16:40 - 2015-02-20 16:40 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Mozilla
2015-02-20 16:35 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-20 16:35 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-20 16:35 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-02-20 16:35 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-02-20 16:29 - 2015-02-20 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-20 16:03 - 2015-02-20 19:08 - 00000112 _____ () C:\Windows\setupact.log
2015-02-20 16:03 - 2015-02-20 16:03 - 00459320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-20 16:03 - 2015-02-20 16:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-20 00:17 - 2015-02-20 00:17 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-20 00:17 - 2015-02-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 00:06 - 2015-02-20 00:06 - 00117776 _____ () C:\Users\Laura\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-20 00:05 - 2015-02-20 00:13 - 00000000 ____D () C:\Users\Laura\Downloads\chrome-youtube-downloader-2.6.20
2015-02-20 00:02 - 2015-02-20 00:02 - 00099158 _____ () C:\Users\Laura\Downloads\chrome-youtube-downloader-2.6.20.zip
2015-02-19 17:26 - 2015-02-21 13:31 - 00000000 ____D () C:\AdwCleaner
2015-02-19 11:29 - 2015-02-19 11:29 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-19 11:28 - 2015-02-20 21:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-19 05:16 - 2015-02-19 11:45 - 00000000 ____D () C:\Program Files\ESET
2015-02-18 21:42 - 2015-02-21 15:15 - 00000000 ____D () C:\FRST
2015-02-18 21:32 - 2015-02-18 21:32 - 00001230 _____ () C:\Users\Public\Desktop\herdProtect.lnk
2015-02-18 21:32 - 2015-02-18 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-02-18 21:32 - 2015-02-18 21:32 - 00000000 ____D () C:\Program Files\Reason
2015-02-18 19:28 - 2015-02-18 19:28 - 00000000 ____D () C:\Users\Laura\Tracing
2015-02-18 19:27 - 2015-02-18 19:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-18 19:27 - 2015-02-18 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-18 19:27 - 2015-02-18 19:27 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-18 16:16 - 2015-02-18 16:17 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-18 14:00 - 2015-02-21 13:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 13:59 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-18 13:59 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-18 13:59 - 2015-02-18 13:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-18 13:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-18 13:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-18 13:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 14:24 - 2015-02-18 13:05 - 00000000 ____D () C:\Users\Laura\AppData\Local\EvernoteNW
2015-02-17 00:16 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-02-17 00:16 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-17 00:10 - 2015-02-17 00:10 - 00002111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
2015-02-17 00:10 - 2015-02-17 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
2015-02-17 00:10 - 2013-12-10 18:43 - 00032568 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-16 23:59 - 2015-02-16 23:59 - 00000000 ____D () C:\Users\Catsitter\AppData\Local\Apple Computer
2015-02-16 16:09 - 2015-02-19 04:49 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-15 22:54 - 2015-02-15 22:54 - 00002211 _____ () C:\Users\Laura\AppData\Local\recently-used.xbel
2015-02-15 22:50 - 2015-02-15 22:54 - 00000000 ____D () C:\Users\Laura\AppData\Local\gtk-2.0
2015-02-11 00:31 - 2015-02-11 00:31 - 00001353 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDMaker - Shortcut.lnk
2015-02-11 00:26 - 2015-02-11 00:26 - 00000000 ____D () C:\Users\Laura\Documents\My Weblog Posts
2015-02-10 23:33 - 2015-02-10 23:33 - 00000000 ____D () C:\Users\Laura\Documents\The Lord of the Rings Online
2015-02-10 23:30 - 2015-02-18 16:17 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Player
2015-02-10 22:17 - 2015-02-11 00:35 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creatives
2015-02-10 20:37 - 2015-02-10 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-09 05:48 - 2015-02-20 16:34 - 00000000 ____D () C:\Program Files\Avira
2015-02-09 02:50 - 2015-02-09 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-09 02:49 - 2015-02-09 02:49 - 00000000 ____D () C:\Program Files\Evernote
2015-02-09 00:57 - 2015-02-19 17:44 - 00000000 ___RD () C:\Users\Laura\.thumbnails
2015-02-09 00:47 - 2015-02-15 22:54 - 00000000 ____D () C:\Users\Laura\.gimp-2.8
2015-02-09 00:47 - 2015-02-09 00:47 - 00000000 ____D () C:\Users\Laura\AppData\Local\gegl-0.2
2015-02-09 00:47 - 2015-02-09 00:47 - 00000000 ____D () C:\Users\Laura\AppData\Local\fontconfig
2015-02-09 00:39 - 2009-07-14 02:14 - 01971200 _____ (Microsoft Corporation) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDMaker.exe
2015-02-09 00:31 - 2015-02-09 00:31 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-09 00:31 - 2010-01-06 22:37 - 00415016 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerDVDCopy.exe
2015-02-09 00:30 - 2009-12-03 00:37 - 02684200 _____ (CyberLink Corp.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power2GoExpress.exe
2015-02-09 00:29 - 2009-12-03 00:32 - 02508072 _____ (CyberLink Corp.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power2Go.exe
2015-02-09 00:28 - 2010-01-15 22:47 - 00664872 _____ (CyberLink Corp.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LabelPrint.exe
2015-02-09 00:18 - 2011-06-01 16:57 - 00561984 _____ (Apple Inc.) C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareUpdate.exe
2015-02-09 00:08 - 2015-02-10 22:19 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-09 00:07 - 2015-02-08 00:11 - 00001012 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shareaza.lnk
2015-02-09 00:07 - 2014-07-07 20:18 - 00002505 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skype.lnk
2015-02-09 00:07 - 2011-11-25 20:23 - 00001124 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2015-02-09 00:07 - 2011-10-28 15:34 - 00001121 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger.lnk
2015-02-09 00:06 - 2015-02-08 16:22 - 00001717 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTunes.lnk
2015-02-09 00:06 - 2015-02-08 01:23 - 00001181 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wp7EasyBackup.lnk
2015-02-09 00:02 - 2014-07-21 14:22 - 00001971 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetBeans IDE 8.0.lnk
2015-02-09 00:02 - 2014-07-21 13:59 - 00001992 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Java Mission Control.lnk
2015-02-09 00:02 - 2012-11-29 01:26 - 00002114 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lotro.lnk
2015-02-08 23:57 - 2015-02-08 02:28 - 00001322 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wordpad.lnk
2015-02-08 23:57 - 2015-01-15 06:52 - 00000896 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote.lnk
2015-02-08 23:57 - 2014-07-11 02:38 - 00002458 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002516 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoPath Designer 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002496 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoPath Filler 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002455 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002451 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002441 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\An OneNote 2013 senden.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002430 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002406 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lync 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002405 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Publisher 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002372 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Access 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002369 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote 2013.lnk
2015-02-08 23:57 - 2013-10-03 17:30 - 00002341 _____ () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook 2013.lnk
2015-02-08 21:09 - 2013-10-03 17:28 - 01804512 _____ () C:\WindowsGABRIOLA.tt2
2015-02-08 20:27 - 2015-02-08 20:27 - 00000000 ____D () C:\Users\Laura\.jmc
2015-02-08 20:27 - 2015-02-08 20:27 - 00000000 ____D () C:\Users\Laura\.eclipse
2015-02-08 16:45 - 2015-02-17 15:15 - 00000000 ____D () C:\Users\Laura\Downloads\Icons and Vectors
2015-02-08 02:08 - 2015-02-10 22:19 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 ____D () C:\Wp7EasyBackup
2015-02-08 00:12 - 2015-02-08 00:12 - 00000000 ____D () C:\Users\Laura\AppData\Local\Shareaza
2015-02-08 00:11 - 2015-02-08 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
2015-02-08 00:11 - 2015-02-08 00:12 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Shareaza
2015-02-08 00:09 - 2015-02-08 02:35 - 00000000 ____D () C:\Program Files\Shareaza
2015-02-08 00:07 - 2015-02-08 00:24 - 00000000 ____D () C:\Shareaza_2.7.8.0
2015-02-07 23:23 - 2015-02-08 00:42 - 00000000 ____D () C:\Program Files\GIMP 2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 15:15 - 2013-02-25 05:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 15:15 - 2011-10-28 13:31 - 01103776 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 15:14 - 2011-10-28 13:32 - 00000000 ____D () C:\Users\Laura
2015-02-20 19:17 - 2014-07-09 16:01 - 00000000 ___RD () C:\Users\Laura\Downloads\Programme Setups
2015-02-20 19:16 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:16 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 16:34 - 2013-08-06 23:04 - 00000000 ____D () C:\ProgramData\Avira
2015-02-20 16:25 - 2014-08-05 11:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-20 00:17 - 2014-10-17 12:38 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-20 00:17 - 2014-09-17 09:48 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 00:16 - 2014-09-17 09:48 - 00000000 ____D () C:\Program Files\iPod
2015-02-20 00:16 - 2012-10-11 16:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-20 00:06 - 2013-12-25 02:36 - 00105903 _____ () C:\Users\Laura\Downloads\chrome-youtube-downloader-2.6.20.crx
2015-02-19 04:53 - 2012-10-14 17:18 - 00000000 __SHD () C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2015-02-19 02:10 - 2011-11-03 14:24 - 00000000 ____D () C:\Users\Laura\AppData\Local\Windows Live
2015-02-19 00:42 - 2011-10-28 13:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 00:42 - 2011-10-28 13:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 21:13 - 2013-05-01 13:01 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Skype
2015-02-18 19:27 - 2013-05-01 13:00 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 17:45 - 2012-10-14 17:37 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\TuneUp Software
2015-02-18 17:30 - 2012-10-14 17:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-18 16:18 - 2013-10-03 17:24 - 00000000 ____D () C:\Program Files\Microsoft Office 2013
2015-02-18 13:11 - 2014-10-08 06:50 - 00000000 ___RD () C:\Users\Laura\iCloudDrive
2015-02-18 13:07 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-18 10:38 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Laura\AppData\Local\Akamai
2015-02-17 00:15 - 2012-10-14 17:37 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2015-02-17 00:00 - 2013-01-17 10:58 - 00000000 ____D () C:\Users\Catsitter\AppData\Roaming\Apple Computer
2015-02-16 06:34 - 2009-07-14 03:04 - 00000497 _____ () C:\Windows\win.ini
2015-02-15 22:00 - 2011-10-28 13:36 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Adobe
2015-02-14 16:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 15:12 - 2014-10-08 06:55 - 00000000 ____D () C:\Users\Laura\AppData\Local\20FF9895-9903-4559-85FC-E4E697E8854B.aplzod
2015-02-12 07:11 - 2012-10-11 16:41 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Apple Computer
2015-02-12 07:11 - 2012-10-11 16:41 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apple Computer
2015-02-11 00:52 - 2011-11-02 15:41 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\TS3Client
2015-02-11 00:40 - 2010-11-12 00:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-11 00:26 - 2012-04-13 15:03 - 00000000 ____D () C:\Users\Laura\AppData\Local\Windows Live Writer
2015-02-10 23:45 - 2012-03-10 12:45 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-10 23:38 - 2011-11-02 15:10 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-02-10 23:37 - 2010-09-15 14:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-10 21:59 - 2012-10-11 16:35 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apple
2015-02-10 11:52 - 2012-05-29 01:37 - 00117776 _____ () C:\Users\Catsitter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-10 11:50 - 2012-05-29 01:36 - 00000000 ____D () C:\Users\Catsitter
2015-02-09 05:27 - 2014-11-10 11:57 - 00000000 ____D () C:\Autodesk
2015-02-09 03:03 - 2010-09-15 14:43 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-09 02:52 - 2014-07-11 14:50 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:54 - 2012-10-11 16:35 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-09 00:34 - 2011-10-28 15:55 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\DivX
2015-02-09 00:31 - 2011-10-30 02:23 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\CyberLink
2015-02-09 00:31 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 00:14 - 2012-01-31 21:03 - 00000000 ____D () C:\Users\Laura\AppData\Local\Adobe
2015-02-08 22:18 - 2012-05-07 21:43 - 00000000 ___RD () C:\Users\Laura\Documents\Hauswirtschaft
2015-02-08 21:16 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-08 21:09 - 2013-10-03 17:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-08 16:09 - 2014-09-01 01:19 - 00000000 ____D () C:\Users\Laura\Documents\Magazine
2015-02-08 14:32 - 2014-07-11 14:38 - 00000000 ____D () C:\Users\Laura\AppData\Local\HP
2015-02-08 14:32 - 2013-02-21 08:42 - 00000000 ____D () C:\Users\Laura\AppData\Local\PluginCompendium
2015-02-08 14:32 - 2012-11-28 21:33 - 00000000 ____D () C:\Users\Laura\.swt
2015-02-08 14:32 - 2012-02-01 22:02 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\dvdcss
2015-02-08 14:32 - 2011-11-08 17:12 - 00000000 ____D () C:\Users\Laura\AppData\Local\Turbine
2015-02-08 14:32 - 2011-10-28 13:32 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-08 14:32 - 2011-10-28 13:32 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-08 14:31 - 2014-11-10 13:30 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Java Development Kit
2015-02-08 14:31 - 2014-02-24 13:03 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Java
2015-02-08 14:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-08 14:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-08 01:10 - 2014-10-13 14:08 - 00000000 ____D () C:\Users\Laura\Documents\Life Management
2015-02-07 23:40 - 2010-07-06 21:23 - 00809232 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 23:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 20:15 - 2013-02-25 05:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 20:15 - 2013-02-25 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-11-08 17:12 - 2011-11-08 17:12 - 0000093 _____ () C:\Users\Laura\AppData\Local\fusioncache.dat
2015-02-15 22:54 - 2015-02-15 22:54 - 0002211 _____ () C:\Users\Laura\AppData\Local\recently-used.xbel
2013-09-02 15:34 - 2013-09-02 15:34 - 0000017 _____ () C:\Users\Laura\AppData\Local\resmon.resmoncfg
2014-07-11 14:49 - 2014-07-11 14:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-05 13:51 - 2014-10-05 13:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-03-10 12:45 - 2015-02-10 23:45 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-11-10 12:48 - 2014-11-10 12:48 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Catsitter\AppData\Local\Temp\avgnt.exe
C:\Users\Laura\AppData\Local\Temp\avgnt.exe
C:\Users\Laura\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Laura\AppData\Local\Temp\HPPSdr.exe
C:\Users\Laura\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Laura\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Laura\AppData\Local\Temp\Setup.x86.de-DE_ProPlusRetail_XFYDJ-8N7VQ-6YCWB-2VXRP-3YF3D_act_1_.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-20 20:28

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
Ran by Laura at 2015-02-21 15:16:31
Running from C:\Users\Laura\Contacts\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{586647DB-C4AC-6691-FD95-9A1B3B603502}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2010.0930.2237.38732 - ATI) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Evernote v. 5.8.3 (HKLM\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{61268BF7-3EC8-4CDC-922B-C8F718A0D46F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Print 2.7 (HKLM\...\{06B3D8C2-AAF2-4154-A4BD-71806AC41172}) (Version: 2.7.0.238 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java SE Development Kit 8 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LOTRO Plugin Compendium (HKLM\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Română (HKLM\...\{90150000-001F-0418-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shareaza 2.7.8.0 (HKLM\...\Shareaza_is1) (Version: 2.7.8.0 - Shareaza Development Team)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.4000.179 - TuneUp Software)
TuneUp Utilities 2013 (Version: 13.0.4000.179 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.179 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\InprocServer32 -> C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC5}\InprocServer32 -> C:\Program Files\Shareaza\VirusTotal.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-3161636880-329456100-441217609-1001_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team)

==================== Restore Points  =========================

20-02-2015 00:30:16 Windows 7 Service Pack 1
21-02-2015 03:00:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08251061-8C9E-4F9E-9C93-33ACFCAB6736} - System32\Tasks\{F9576C69-BA64-42CE-8842-189EA62ABA9F} => pcalua.exe -a I:\Setup.exe -d I:\
Task: {08F76391-B9CF-4BE0-B7BA-0CD75FDAAD58} - \Driver Booster SkipUAC (Laura) No Task File <==== ATTENTION
Task: {1891B555-4C37-4979-988A-1B7260EF256E} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {2E5C040A-1A02-4598-843B-681EC1735B25} - System32\Tasks\{8F158000-C2CC-4C5D-9591-A23BE9C60112} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\setup.exe" -d "C:\Program Files\InstallShield Installation Information\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}"
Task: {36A20614-A150-4C2E-ADDD-4A20FB4B7F5C} - System32\Tasks\{3A5DCAC7-B53A-49CC-AD8C-5D2E00DB4856} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\"
Task: {38DB3B4A-13A9-48BD-9636-33C4EC9992CB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {5EA5C6AB-10A0-42C6-B42E-7AA61E0B899D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {759C3EE7-4C81-4F91-88DE-CE7F7E2449E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {835095BE-A1DE-43DB-B2E8-0779607076F3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {86EEFBBD-E8F7-4608-A4AE-10BD2107B920} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A2413964-91BC-4C84-A816-508DEC800870} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A45B1DE8-888F-4DF6-BC88-2093CC0939FF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ACDDA307-9ADC-44E5-8B90-8EC1F23C591C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {D7D16B22-A9A0-47BF-89A1-DFF45EBD5BA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D9ABCF42-8789-49E6-9ADC-5CA81C62EE63} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-12-10] (TuneUp Software)
Task: {E7F313B0-9544-45D7-83E3-F033CC5261CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {EB2B8194-AFF3-4106-9C51-91E164F0A046} - System32\Tasks\{EF75C393-DCA7-4157-A2E6-D11990B0763B} => pcalua.exe -a "C:\Program Files\Avira\AntiVir Desktop\setup.exe" -d "C:\Program Files\TuneUp Utilities 2013" -c /REMOVE
Task: {F05B3057-F143-4215-AA01-9FDDEB4CE809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 18:45 - 2013-12-10 18:45 - 00500024 _____ () C:\Program Files\TuneUp Utilities 2013\avgreplibx.dll
2015-02-06 17:16 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 17:16 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 17:16 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Shareaza_2.7.8.0:Shareaza.GUID
AlternateDataStreams: C:\Users\Laura\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Laura\Downloads\Programme Setups:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3161636880-329456100-441217609-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Catsitter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Catsitter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Catsitter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3161636880-329456100-441217609-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-3161636880-329456100-441217609-1004 - Limited - Enabled)
Catsitter (S-1-5-21-3161636880-329456100-441217609-1005 - Limited - Enabled) => C:\Users\Catsitter
Guest (S-1-5-21-3161636880-329456100-441217609-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3161636880-329456100-441217609-1007 - Limited - Enabled)
Laura (S-1-5-21-3161636880-329456100-441217609-1001 - Administrator - Enabled) => C:\Users\Laura

==================== Faulty Device Manager Devices =============

Name: G:\
Description: SD MS Reader    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: H:\
Description: SMC xD Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: F:\
Description: CF Card Reader  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 03:16:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/21/2015 03:05:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 09:15:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 09:11:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 08:29:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/21/2015 03:09:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 (KB976932).

Error: (02/20/2015 09:26:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (02/21/2015 03:16:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe

Error: (02/21/2015 03:05:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe

Error: (02/20/2015 09:15:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe

Error: (02/20/2015 09:11:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe

Error: (02/20/2015 08:29:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1510 series\DriverStore\Yeti\V3\amd64\hpinkinsc111.exe


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 440 Processor
Percentage of memory in use: 68%
Total physical RAM: 3327.29 MB
Available physical RAM: 1043.18 MB
Total Pagefile: 6652.86 MB
Available Pagefile: 3685.98 MB
Total Virtual: 3071.88 MB
Available Virtual: 2932.32 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:900.41 GB) (Free:728.81 GB) NTFS
Drive d: (Drive) (Fixed) (Total:30 GB) (Free:29.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=900.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
__________________

22.02.2015, 08:26   #4
schrauber
/// the machine
/// TB Trainer
 



Apart from TuneUp, a billion add-ons in the browsers and 40% unnecessary entries on the machine, everything is fine, so I don't see any Positive Finds.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.02.2015, 15:03   #5
Nymph
 


Hey Schrauber,

thanks for the effort.

I'm glad my groundwork apparently wasn't so bad.
I'm aware of the add-ons; I want to try a few things out, then they'll be thrown out again.

TuneUp, well, I never thought it was all that bad. That differs from the opinion here in the forum, as I have seen. I'm not an expert and have phases in which I read up on things, but the knowledge also fades quickly once I go back to everyday life. So the simple cleanup suited me quite well. Are there alternatives for regular light cleanup, or detailed reading material about it? If you know of anything, I'll gladly take tips.

The 40% unnecessary entries
I'd love to get rid of them. What would the steps be?

What still worries me:
I also went through the PC a bit further, as far as I was able to, and yesterday I found this:

C:/Users/Laura/AppData/Local/DDMSettings/settings.ddi

The Google research was pretty alarming: the entry only appeared in FRST or HijackThis log files on forums, from infected computers.

Does that mean anything to you?

Nymph


22.02.2015, 18:58   #6
schrauber
/// the machine
/// TB Trainer
 



Quote:
TuneUp, well, I never thought it was all that bad. That differs from the opinion here in the forum, as I have seen. I'm not an expert and have phases in which I read up on things, but the knowledge also fades quickly once I go back to everyday life. So the simple cleanup suited me quite well. Are there alternatives for regular light cleanup, or detailed reading material about it? If you know of anything, I'll gladly take tips.
Windows has built-in tools for all of that. Any 3rd-party software for it is nonsense and a 1000% increase in the chance of toasting the machine. Tune Up first and foremost. Just type "Tune Up rechner schrott" into Google.


Quote:
Task: {08F76391-B9CF-4BE0-B7BA-0CD75FDAAD58} - \Driver Booster SkipUAC (Laura) No Task File <==== ATTENTION
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM\...\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: []
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: []
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\Explorer: []
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {7f1d8254-13fa-11e2-b7af-6c626d90f5d1} - I:\Setup.exe
IFEO\appvlp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\cvh.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\divxcontrolpanellauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\icloud.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\iclouddrive.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\sftdde.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
GroupPolicyUsers\S-1-5-21-3161636880-329456100-441217609-1005\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
URLSearchHook: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzz z0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzz z0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzz z0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzz z0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzz z0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4B2C0209-C85F-4093-B5F2-112754D6F35A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DzytD0FyD0DtCyB0C0AyDtN0D0Tzu0SzytBtDtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByDzztCtA0D0EtGyDtC0DyDtGyByDtDtBtGtD0FyD0AtGtA0B0Fzy0FyCzzyE0C0EyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzzzz z0FtBtGtA0A0AzztG0C0EtDtCtG0CtC0E0BtGtDyDtB0D0D0E0CzytDyCtBtB2Q&cr=2143589514&ir=
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {63F40060-DE7B-4061-A99E-D270C610D41B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111123130204745&tb_oid=23-11-2011&tb_mrud=23-11-2011
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files\Hewlett-Packard\Smart Print 2.7\Espresso.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3161636880-329456100-441217609-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Off the top of my head, these are the ones that don't need to be there; there may be one or two legitimate ones among them, this is just meant as an overview.

I'm surprised your browsers still start at all.

22.02.2015, 22:59   #7
Nymph
 
And C:/Users/Laura/AppData/Local/DDMSettings/settings.ddi doesn't strike you as odd?

OK, then I'll throw them out.

23.02.2015, 16:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 

As I said, for 3/4 of the log there is no guarantee of completeness.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
