Windows 7: Webseiten werden auf Werbung umgeleitet.

franssou · 31.12.2014, 10:07

Liebes Team!

Ich habe seit ca. 3 Wochen folgendes Problem: Beim klicken auf einem Feld in einer Webseite (z.B. um meinen Benutzername einzugeben) öffnet sich sehr oft eine andere Webseite, die meistens mit Partnersuche oder mit Gewinnspielen zu tun hat. Oft öffnet sich auch kein anderes Fenster, dafür erscheinen blinkende Werbungen von Gewinnspielen, die das Arbeiten auf der Webseite unmöglich machen. Ich kenne mich mit Computern nicht gut aus, deshalb habe ich noch nichts unternommen außer einen Schutz (adblock plus) zu installieren, damit keine blöde Werbungen erscheinen. Ich wäre sehr dankbar für eine Hilfe, denn ich kann so nicht arbeiten. Vielen Dank schon jetzt und beste Grüße!

schrauber · 31.12.2014, 11:35

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

franssou · 31.12.2014, 14:50

Hallo,
Anbei die Datei (Addition), ich weiß nicht, was mit der ersten gemeint war, da ich den Scan sofort gemacht habe.
1000 Dank!!

schrauber · 31.12.2014, 18:18

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

franssou · 01.01.2015, 11:28

Alles klar, danke für die Erklärung!

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by france at 2014-12-31 11:45:56
Running from C:\Users\france\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 1.0.0.1152 - Adblocker) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.03 - )
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
Configuration DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.334 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DisplayLink Core Software (HKLM\...\{B57D4097-F2FE-4222-BA02-46C6EC8B7944}) (Version: 6.1.35392.0 - DisplayLink Corp.)
Dropbox (HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.16 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
Free YouTube Download version 3.1.35.903 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.35.903 - DVDVideoSoft Ltd.)
Free YouTube Downloader 4.0.283 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Graphics Software (HKLM\...\{A8CAC260-092D-41DA-A38F-73AF4226B021}) (Version: 6.1.35401.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{5B5DEF99-85E9-423D-A1A3-B83202697B09}) (Version: 1.0.0006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0012.00 - Lenovo Group Limited)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Beschleunigen - Vollständige Deinstallation (HKLM\...\PCSU-SL_is1) (Version: 3.1.2 - Speedchecker Limited) <==== ATTENTION
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PDF Reader (HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\PDF Reader) (Version:  - )
PDF Reader Packages (HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\PDF Reader Packages) (Version:  - ) <==== ATTENTION
PhotoFiltre 7 (HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\PhotoFiltre 7) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Prezi (HKLM-x32\...\{BD44409B-A691-4B97-B33D-F07E1DE791F3}) (Version: 5.0.8 - Prezi.com)
pricecHop (HKLM-x32\...\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}) (Version: 2.3.0.1931 - ppriicechhop) <==== ATTENTION
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.3 - betwikx LLC) <==== ATTENTION
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.20 - Lenovo)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
RemoteComms External Disk Access (HKLM-x32\...\{04FCD5DE-1662-4F99-BDA9-C57212113EF2}) (Version: 1.25.0003 - PLX Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.51.86909 - SugarSync, Inc.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.2 - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.7.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Update for PDF Reader (HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\DSite) (Version:  - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.11 - VeriSign)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (04/02/2012 16.0.5.2) (HKLM\...\76052A6680822C2132A1EB4E64568F3C9591560E) (Version: 04/02/2012 16.0.5.2 - Synaptics)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-11-2014 21:02:07 Windows Update
02-12-2014 18:17:29 Windows Update
09-12-2014 14:39:35 Windows Update
11-12-2014 23:12:04 Windows Update
16-12-2014 12:01:57 Windows Update
19-12-2014 20:37:45 Windows Update
20-12-2014 12:13:00 Windows Update
23-12-2014 22:32:40 Windows Update
30-12-2014 12:14:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {027A2A22-4B08-456A-8CDB-99AC5236CB87} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {0A2028C3-616C-4F1F-A560-1BE4BE91E1CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {10D84718-78DE-4673-BF2E-080F065014FE} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-08-21] (PC Tools)
Task: {1520A64C-48E4-492B-BC77-6434F6B7787E} - System32\Tasks\Digital Sites => C:\Users\france\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {1FA8EF15-0CD6-46BD-A49F-AA7F624AB279} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {35BEFAB9-8EF4-4848-B0B0-D73BA9FA3718} - System32\Tasks\DSite => C:\Users\france\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-02-28] () <==== ATTENTION
Task: {362249BF-EC61-4899-8168-B818EBDA2009} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3B9DC40F-CB26-489F-A4D0-CA48621D3633} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {43C79B0D-D1CD-4583-A86A-C577E70FC366} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Beschleunigen\PCSUSD.exe [2012-06-05] () <==== ATTENTION
Task: {5D8D3D74-3FF5-4FEF-9881-CB449505C470} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {716F8A0A-C95B-488F-B124-E12908FC6BED} - System32\Tasks\AllmyappsUpdateTask => c:\users\france\appdata\roaming\allmyapps\allmyappsupdater.exe
Task: {78D5A788-9AE0-4EBE-B82C-40494A6F9EB2} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-02-24] (Lenovo)
Task: {7E08F8FA-A3EF-4796-B8C5-76721C5338B0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {81269165-7FA1-4963-B31E-2CC593CEECAB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {885FA582-FA5D-476F-A716-F94E21D2423B} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {8B9715E1-10EF-4394-83A2-30C3BC1C5B51} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-04-11] (Lenovo Group Limited)
Task: {9A7AAAFD-C6D8-4572-91AA-4462B33AF962} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {9C75160D-ACE8-4758-84AB-3A7718097D4B} - System32\Tasks\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {9F0DAF29-F1CD-4233-A1FB-BD84B3B4960B} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for france-THINK.france => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {A769A4EE-C474-45CF-A1C4-A5B2D9D47C39} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {BF689A01-7D3C-4141-9622-BC1FBFC25BAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C1E227A6-67B9-468E-AD61-178F23159107} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {C3492743-B0DF-4CC0-8926-39A7EA3F8600} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {C50A4C1F-07DA-4D64-A671-0CDA8259569B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D2460024-C2ED-400E-AC06-DE5B9ED6D062} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {D3E9F0B1-FA97-4213-871B-4092FA8A1CB7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {DC0945F6-EA28-44D7-92FF-09CA3B828B1A} - System32\Tasks\Browser Manager => Sc.exe start Browser Manager
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\france\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Beschleunigen\PCSUSD.exe <==== ATTENTION
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

==================== Loaded Modules (whitelisted) =============

2012-09-15 18:42 - 2012-06-05 08:39 - 00289544 _____ () C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
2012-05-30 06:40 - 2012-03-06 23:49 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-10-05 15:22 - 2012-10-05 15:22 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2012-10-05 15:22 - 2012-10-05 15:22 - 00151552 _____ () C:\Windows\KMService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-05-30 06:51 - 2012-04-11 22:16 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-05-30 06:41 - 2012-02-01 20:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-30 06:47 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-11-30 03:06 - 2012-11-30 03:06 - 01263512 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-12-23 09:24 - 2011-12-23 09:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-08-07 03:03 - 2013-08-07 03:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 03:04 - 2013-08-07 03:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-15 18:42 - 2012-01-16 21:06 - 00577621 _____ () C:\Program Files (x86)\PC Beschleunigen\sqlite3.dll
2012-05-30 06:57 - 2012-01-17 07:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-05-30 06:51 - 2011-08-02 03:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-05-30 06:51 - 2011-08-02 03:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\france\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-30 12:10 - 2014-12-30 12:10 - 00043008 _____ () c:\users\france\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp00bnlp.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\france\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\france\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\france\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-04-05 13:06 - 2011-04-05 13:06 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2011-04-05 13:06 - 2011-04-05 13:06 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-11-30 03:07 - 2012-11-30 03:07 - 00100248 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-05-30 07:12 - 2012-02-27 12:02 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\System.ComponentModel.Composition.dll
2012-05-30 07:12 - 2012-02-27 12:02 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\Interop.TaskScheduler.dll
2012-05-30 07:12 - 2012-02-27 12:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-05-30 07:12 - 2012-02-27 12:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-05-30 07:12 - 2012-02-27 12:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2012-05-30 07:12 - 2012-02-27 12:00 - 00076000 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.WUApiLib.dll
2012-05-30 06:40 - 2012-03-06 23:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 19:15 - 2011-08-15 19:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 15:41 - 2011-08-17 15:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 12:29 - 2011-11-25 12:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 18:23 - 2011-08-15 18:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 12:28 - 2011-11-25 12:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 12:42 - 2011-11-25 12:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 12:26 - 2011-11-25 12:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 15:05 - 2011-07-19 15:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 15:04 - 2011-07-19 15:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 19:17 - 2011-08-15 19:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-20 09:02 - 2014-08-07 04:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-20 09:02 - 2014-08-07 04:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-20 09:02 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-20 09:02 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-20 09:02 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-20 09:02 - 2014-08-07 04:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2401799719-1369086358-1547908604-500 - Administrator - Disabled)
france (S-1-5-21-2401799719-1369086358-1547908604-1000 - Administrator - Enabled) => C:\Users\france
Gast (S-1-5-21-2401799719-1369086358-1547908604-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2401799719-1369086358-1547908604-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 00:19:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/30/2014 00:08:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2014 09:07:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 06:49:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 10:36:23 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/23/2014 10:26:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 10:23:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:09:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 08:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/31/2014 09:28:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LENOVO.CAMMUTE erreicht.

Error: (12/30/2014 00:11:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/30/2014 00:08:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎28.‎12.‎2014 um 17:52:31 unerwartet heruntergefahren.

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)

Error: (12/26/2014 09:31:35 PM) (Source: DCOM) (EventID: 10016) (User: france-THINK)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}france-THINKGastS-1-5-21-2401799719-1369086358-1547908604-501LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (12/30/2014 00:19:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/30/2014 00:08:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2014 09:07:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 06:49:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 10:36:23 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/23/2014 10:26:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 10:23:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:09:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 08:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 70%
Total physical RAM: 3685.47 MB
Available physical RAM: 1098.56 MB
Total Pagefile: 7369.12 MB
Available Pagefile: 3383.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:347.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:0.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CE5F41E1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Liebe Grüße und frohes neues Jahr!

schrauber · 01.01.2015, 11:48

und die FRST.txt?

franssou · 07.01.2015, 16:53

Es tut mir Leid, ich war jetzt eine Woche weg... ohne Computer! Ist die FRST-txt das:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by france (administrator) on FRANCE-THINK on 07-01-2015 15:49:42
Running from C:\Users\france\Downloads
Loaded Profile: france (Available profiles: france & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
() C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Akamai Technologies, Inc.) C:\Users\france\AppData\Local\Akamai\netsession_win.exe
(Somoto) C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\france\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Akamai Technologies, Inc.) C:\Users\france\AppData\Local\Akamai\netsession_win.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-02] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [283984 2012-04-10] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-06] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe [188680 2012-06-05] ()
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Run: [Akamai NetSession Interface] => C:\Users\france\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Run: [GoogleChromeAutoLaunch_F0EF0F65A2238D96E95C3460BB8719E4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Run: [SDP] => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Run: [Apps Hat] => C:\Users\france\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\MountPoints2: {d8e49e93-aa18-11e1-8e3c-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\france\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\france\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\france\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://start.mysearchdial.com/?f=1&a=irmsd54&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0E0DyDyC0C0FtA0DzytN0D0Tzu0SyDtCyDtN1L2XzutBtFtBtFtAtFyCzzzytN1L1Czu1L1C1H1B1QyDyE&cr=1982805441&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://start.mysearchdial.com/?f=1&a=irmsd54&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0E0DyDyC0C0FtA0DzytN0D0Tzu0SyDtCyDtN1L2XzutBtFtBtFtAtFyCzzzytN1L1Czu1L1C1H1B1QyDyE&cr=1982805441&ir=
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=hp&installDate=01/08/2013
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=113480&tt=120912_cpc_3712_6&babsrc=HP_ss&mntrId=a86cf3d9000000000000b888e32ed56c
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=113480&tt=120912_cpc_3712_6&babsrc=HP_ss&mntrId=a86cf3d9000000000000b888e32ed56c
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKLM -> DefaultScope {1FCDD8D6-E3A7-4897-8838-A347586FE259} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {1D769115-D597-ED7D-40A5-725D59CA10F7} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4225912363924870&q={searchTerms}
SearchScopes: HKLM -> {1FCDD8D6-E3A7-4897-8838-A347586FE259} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=394&systemid=406&v=a9396-121&apn_uid=4225912363924870&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=394&systemid=406&v=a9396-121&apn_uid=4225912363924870&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> {1FCDD8D6-E3A7-4897-8838-A347586FE259} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=394&systemid=406&v=a9396-121&apn_uid=4225912363924870&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Search-Results Toolbar -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> C:\PROGRA~2\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: No Name -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} ->  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: PricePeep -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Toolbar: HKLM - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Toolbar: HKU\S-1-5-21-2401799719-1369086358-1547908604-1000 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 195.58.160.194 195.58.161.122

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-22]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-05-30]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\france\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-09]
CHR Extension: (Google Drive) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-09]
CHR Extension: (YouTube) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09]
CHR Extension: (McAfee Security Scan+) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Adblock Plus) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-26]
CHR Extension: (Browser Extension) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-08-22]
CHR Extension: (Website Logon) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\clglhglbidpdbjffpfcldkifhdegdfle [2014-02-26]
CHR Extension: (Google-Suche) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09]
CHR Extension: (AdBlock) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-26]
CHR Extension: (prriicechop) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh [2014-08-22]
CHR Extension: (Skype Click to Call) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-29]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-15]
CHR Extension: (Google Wallet) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-24]
CHR Extension: (Google Mail) - C:\Users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\france\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-05-30]
CHR HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\france\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-15]
CHR HKU\S-1-5-21-2401799719-1369086358-1547908604-1000\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\france\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\france\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-10-05] () [File not signed]
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [175440 2012-04-10] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [289544 2012-06-05] ()
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-10] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X64.sys [31280 2010-05-25] ()
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 15:48 - 2015-01-07 15:48 - 00000000 ____D () C:\Users\france\Downloads\FRST-OlderVersion
2015-01-01 11:20 - 2015-01-01 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-12-31 11:53 - 2014-12-31 11:53 - 00040287 _____ () C:\Users\france\Desktop\FRST Editor Addition.txt
2014-12-31 11:43 - 2014-12-31 11:46 - 00040287 _____ () C:\Users\france\Downloads\Addition.txt
2014-12-31 11:42 - 2015-01-07 15:49 - 00036199 _____ () C:\Users\france\Downloads\FRST.txt
2014-12-31 11:42 - 2015-01-07 15:49 - 00000000 ____D () C:\FRST
2014-12-31 11:39 - 2015-01-07 15:48 - 02124288 _____ (Farbar) C:\Users\france\Downloads\FRST64.exe
2014-12-23 22:28 - 2014-12-23 22:28 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 20:40 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:40 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 09:18 - 2014-12-12 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 23:14 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 23:14 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 23:14 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 23:14 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 23:14 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 23:14 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 23:14 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 23:14 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 23:14 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 23:14 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 15:12 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 15:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 15:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 15:12 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 15:12 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 15:12 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 15:12 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 15:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 15:12 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 15:12 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 15:12 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 15:12 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 15:12 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 15:12 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 15:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 15:12 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 15:12 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 15:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 15:12 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 15:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 15:12 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 15:12 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 15:12 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 15:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 15:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 15:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 15:12 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 15:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 15:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 15:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 15:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 15:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 15:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 15:12 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 15:12 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 15:12 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 15:12 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 15:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 15:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 15:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 15:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 15:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 15:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 15:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 15:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 15:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 15:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 15:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 15:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 15:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 15:12 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 15:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 15:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 15:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 10:23 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 10:23 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 10:23 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 10:23 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 10:23 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 10:23 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 10:23 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 10:23 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 10:22 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 10:22 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 10:22 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 09:56 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 09:56 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 09:56 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 09:56 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 09:56 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 09:56 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 09:56 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 09:56 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 09:56 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 09:56 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 09:56 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 09:56 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 09:56 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 09:56 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 15:35 - 2014-02-16 12:35 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2015-01-07 15:33 - 2012-05-30 07:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 15:24 - 2012-05-30 06:35 - 01543650 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 14:27 - 2009-07-14 05:51 - 00159912 _____ () C:\Windows\setupact.log
2015-01-07 14:17 - 2013-06-19 15:12 - 00000000 ___RD () C:\Users\france\Dropbox
2015-01-07 14:17 - 2013-06-19 15:08 - 00000000 ____D () C:\Users\france\AppData\Roaming\Dropbox
2015-01-07 14:17 - 2012-12-23 13:51 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2015-01-07 14:17 - 2012-12-23 13:50 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-07 14:17 - 2012-12-23 13:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2015-01-07 14:17 - 2012-05-30 07:01 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 14:17 - 2012-05-30 06:40 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-01-07 12:41 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 12:41 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 21:30 - 2014-04-27 08:47 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\vlc
2015-01-04 19:00 - 2012-12-23 13:51 - 00000286 _____ () C:\Windows\Tasks\RMSchedule.job
2015-01-04 18:58 - 2012-05-30 16:24 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-01-04 18:58 - 2012-05-30 16:24 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-01-04 18:58 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 18:55 - 2012-09-15 18:42 - 00000000 ____D () C:\Program Files (x86)\PC Beschleunigen
2015-01-04 18:52 - 2014-08-22 17:28 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-01-04 18:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 16:09 - 2012-05-30 06:40 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-01-01 11:20 - 2012-09-27 16:43 - 00000000 ____D () C:\Users\france\AppData\Local\CrashDumps
2014-12-31 22:17 - 2012-12-23 19:07 - 00000416 _____ () C:\Windows\SysWOW64\AppLog.log
2014-12-31 16:34 - 2012-09-15 18:42 - 00000362 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-12-31 15:34 - 2014-08-22 17:30 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-12-31 15:34 - 2014-08-22 17:29 - 00000000 ____D () C:\Program Files (x86)\pricecHop
2014-12-26 21:15 - 2014-04-27 13:32 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\dvdcss
2014-12-20 22:45 - 2013-07-31 11:35 - 00000240 _____ () C:\Users\france\AppData\Roaming\WB.CFG
2014-12-17 16:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 09:29 - 2013-04-04 15:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 09:18 - 2014-05-08 15:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 09:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 09:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 23:20 - 2013-07-15 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 23:16 - 2012-10-05 16:05 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 23:16 - 2012-10-05 14:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 10:13 - 2014-01-23 21:42 - 00001036 _____ () C:\Users\france\Desktop\Dropbox.lnk
2014-12-10 10:13 - 2014-01-23 21:39 - 00000000 ____D () C:\Users\france\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-09 21:36 - 2012-08-28 19:39 - 00000000 ____D () C:\Users\france\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\france\AppData\Local\Temp\67500uninstall.exe
C:\Users\france\AppData\Local\Temp\7z920.exe
C:\Users\france\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe
C:\Users\france\AppData\Local\Temp\appshat-distribution.exe
C:\Users\france\AppData\Local\Temp\BabylonTB.exe
C:\Users\france\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\france\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\france\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\france\AppData\Local\Temp\Delta.exe
C:\Users\france\AppData\Local\Temp\DeltaTB.exe
C:\Users\france\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwyzt52.dll
C:\Users\france\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\france\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\france\AppData\Local\Temp\ICReinstall_FreeYouTubeDownloaderInstallerIC.exe
C:\Users\france\AppData\Local\Temp\installhelper.dll
C:\Users\france\AppData\Local\Temp\MybabylonTB.exe
C:\Users\france\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\france\AppData\Local\Temp\propsys.dll
C:\Users\france\AppData\Local\Temp\QtraxNotification.exe
C:\Users\france\AppData\Local\Temp\sdpupdater.exe
C:\Users\france\AppData\Local\Temp\Setup.exe
C:\Users\france\AppData\Local\Temp\SkypeSetup.exe
C:\Users\france\AppData\Local\Temp\Sqlite3.dll
C:\Users\france\AppData\Local\Temp\sqlite3.exe
C:\Users\france\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\france\AppData\Local\Temp\TB_EAB4.exe
C:\Users\france\AppData\Local\Temp\TB_EBBD.exe
C:\Users\france\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\france\AppData\Local\Temp\WSSetup.exe
C:\Users\france\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\france\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_1609.exe
C:\Users\france\AppData\Local\Temp\{5CD40E52-6825-40FA-827D-4D5A508F8228}-35.0.1916.114_chrome_installer.exe
C:\Users\france\AppData\Local\Temp\{66B451BB-81A7-49AF-AE70-73C99C598074}-35.0.1916.114_chrome_installer.exe
C:\Users\france\AppData\Local\Temp\{93E8F94D-8E2C-4A25-B43E-936C1C3D6C68}-35.0.1916.114_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 21:37

==================== End Of Log ============================

--- --- ---

? Sorry, ich kenne mich wirklich nichts aus...
1000 Dank!

schrauber · 07.01.2015, 18:12

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Adblocker

Bundled software uninstaller

FilesFrog Update Checker

PC Beschleunigen - Vollständige Deinstallation (HKLM\...\PCSU-SL_is1) (Version: 3.1.2 - Speedchecker Limited) <==== ATTENTION

PDF Reader Packages

pricecHop

PricePeep

Update for PDF Reader
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

franssou · 10.01.2015, 00:24

Hallo, hier die Combofix.txt, 1. Teil:

Code:

ATTFilter

ComboFix 15-01-08.01 - france 09/01/2015  12:10:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3685.1631 [GMT 1:00]
ausgeführt von:: c:\users\france\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adblocker
c:\program files (x86)\Adblocker\DQg1.dat
c:\program files (x86)\Adblocker\DQg1.tlb
c:\program files (x86)\Search Results Toolbar\Datamngr
c:\program files (x86)\Search Results Toolbar\Datamngr\del_DM_DLL_nsx9FAF.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\del_mg_nsx9FAF.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Amazon.ico
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\france\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\france\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\france\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgmnfnmlficgeijcalkgnnkigkefkbhd\CURRENT
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgmnfnmlficgeijcalkgnnkigkefkbhd\LOG.old
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opbmllipcpmcmemjhoplfinhehfjaejp\CURRENT
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opbmllipcpmcmemjhoplfinhehfjaejp\LOG.old
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgmnfnmlficgeijcalkgnnkigkefkbhd_0.localstorage-journal
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgmnfnmlficgeijcalkgnnkigkefkbhd_0.localstorage
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_opbmllipcpmcmemjhoplfinhehfjaejp_0.localstorage-journal
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_opbmllipcpmcmemjhoplfinhehfjaejp_0.localstorage
c:\users\france\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\0a8966d3\00beb143_af32cd01\Groupon.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\0e1ace38\00263b4d_af32cd01\MessageCenterPlus.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\1c166b58\0056283a_af32cd01\EvernoteLauncher.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\1f4d260f\00b08a3c_af32cd01\SimpleTapAppStoreAddon.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\2bef1732\00536c4e_af32cd01\MSOffice.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\2c6eb264\00e07729_af32cd01\DisplayBrightnessApi.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\52b10daa\0083593b_af32cd01\AccuWeatherTile.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\830fc486\00bc6f59_da08cd01\Flickr.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\8687fd92\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\8903095e\00ebe244_af32cd01\LenovoMusic.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\9559a255\0029f738_af32cd01\Chrome.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\a3c68256\00480133_af32cd01\ScreenRotate.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\a5a7ac6b\007fe0f8_d908cd01\KeyboardLightApi.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\a9c50827\00809d4f_af32cd01\Skype.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\aed308da\00e169d7_ea00cd01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\afa0e475\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\b754874b\00671b6a_cde0cc01\NewsTile.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\b8aee0ed\00beb143_af32cd01\Kayak.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\c2fac127\00ccd84a_af32cd01\LenovoTV.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\cc45e6a0\0056283a_af32cd01\InternetExplorer.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\ccc17ca3\00753234_af32cd01\Biztree.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\d5c1dc75\00727648_af32cd01\LenovoSolutionCenter.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\e5c27d32\0083593b_af32cd01\PriceGrabber.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\e82b7cc2\00b34628_af32cd01\CoreAudioApi.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\e83d7839\00a26335_af32cd01\BlankTheme.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\f092739e\003ada2b_af32cd01\WirelessApi.dll
c:\users\france\AppData\Local\Temp\SimpleTap\assembly\dl3\f94f13dd\00809d4f_af32cd01\Wikipedia.dll
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\france\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abfopgciigojcegkoldibademghcebfg_0.localstorage-journal
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abfopgciigojcegkoldibademghcebfg_0.localstorage
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgmnfnmlficgeijcalkgnnkigkefkbhd_0.localstorage-journal
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgmnfnmlficgeijcalkgnnkigkefkbhd_0.localstorage
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\cmWB5E4LK.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\fmYLCi.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\HkXiVw.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\155\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\DcvsXIXGo4.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\t.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kblkbodmodfgcmehlgbehmabelfnkjmh\3.9\TvY.js
Q:\AUTORUN.INF

franssou · 10.01.2015, 00:27

2. Teil:

Code:

ATTFilter

.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-09 bis 2015-01-09  ))))))))))))))))))))))))))))))
.
.
2015-01-09 17:50 . 2015-01-09 17:50	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD7481B0-EADC-4098-8DF8-73096D9168AA}\offreg.dll
2015-01-09 17:38 . 2015-01-09 17:38	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2015-01-09 11:00 . 2015-01-09 11:00	--------	d-sh--w-	c:\users\france\AppData\Local\EmieUserList
2015-01-09 11:00 . 2015-01-09 11:00	--------	d-sh--w-	c:\users\france\AppData\Local\EmieSiteList
2015-01-09 11:00 . 2015-01-09 11:00	--------	d-sh--w-	c:\users\france\AppData\Local\EmieBrowserModeList
2015-01-09 10:04 . 2015-01-09 10:21	--------	d-----w-	c:\programdata\Reimage Protector
2015-01-09 10:04 . 2015-01-09 10:21	--------	d-----w-	c:\program files\Reimage
2015-01-09 10:04 . 2015-01-09 10:22	--------	d-----w-	C:\rei
2014-12-31 10:42 . 2015-01-07 14:50	--------	d-----w-	C:\FRST
2014-12-19 19:40 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-19 19:40 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-12 08:18 . 2014-12-12 08:18	--------	d-----w-	c:\windows\system32\appraiser
2014-12-11 22:14 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 22:14 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-11 22:14 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-11 22:14 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-11 22:14 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-11 22:14 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-11 22:14 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-11 22:14 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-11 22:14 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-11 22:14 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 09:23 . 2014-12-04 02:50	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-11 09:23 . 2014-12-04 02:44	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-11 09:23 . 2014-12-01 23:28	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-12-11 09:23 . 2014-12-04 02:50	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-11 09:23 . 2014-12-04 02:50	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-11 09:23 . 2014-12-04 02:50	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-11 09:23 . 2014-12-04 02:50	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-11 09:22 . 2014-11-11 03:09	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-11 09:22 . 2014-11-11 02:44	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-12-11 09:22 . 2014-11-11 01:46	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 03:36 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-11 22:16 . 2012-10-05 15:05	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-11-19 03:26 . 2014-11-19 03:26	1614504	----a-w-	c:\windows\system32\FM20.DLL
2014-11-11 03:08 . 2014-11-18 23:28	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 23:28	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 23:28	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 23:28	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-15 09:54	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-15 09:54	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-15 09:49	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-15 09:49	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-15 10:00	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-15 10:00	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-15 09:49	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-15 10:00	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-15 10:00	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-15 10:00	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-15 10:00	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-15 09:49	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-15 10:00	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-15 10:00	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-15 10:00	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\france\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"GoogleChromeAutoLaunch_F0EF0F65A2238D96E95C3460BB8719E4"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-14 911032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
.
c:\users\france\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\france\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-5 969216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cpuz134;cpuz134;c:\users\france\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\france\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys;c:\windows\SYSNATIVE\DRIVERS\OXSDIDRV_x64.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys;c:\windows\SYSNATIVE\Drivers\OXUDIDRV_X64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-20 07:35	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2015-01-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2015-01-09 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-12-23 13:44]
.
2015-01-09 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-12-23 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\france\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-29 06:38	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-29 06:38	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-29 06:38	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-29 06:38	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-24 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 283984]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=AT&userid=cdcda9d2-8613-af65-6601-5a50413d73bd&searchtype=ds&q={searchTerms}&installDate=01/08/2013
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\france\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1 195.58.160.194 195.58.161.122
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{377e5d4d-77e5-476a-8716-7e70a9272da0} - c:\progra~2\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-Locked - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Toolbar-{377e5d4d-77e5-476a-8716-7e70a9272da0} - c:\progra~2\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll
Wow6432Node-HKCU-Run-Apps Hat - c:\users\france\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DVDVideoSoftTB Toolbar - c:\program files (x86)\DVDVideoSoftTB\uninstall.exe
AddRemove-DVDVideoSoftTB_DE Toolbar - c:\program files (x86)\DVDVideoSoftTB_DE\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\users\france\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\Lenovo\SimpleTap\SimpleTap.exe
c:\program files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-09  20:23:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-09 19:23
.
Vor Suchlauf: 14 Verzeichnis(se), 375*592*128*512 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 371*862*265*856 Bytes frei
.
- - End Of File - - E32792E2044141A1974673674EDC2E20

Ich habe keine Fehlermeldungen bekommen... Es scheint sich auch alles beruhigt zu haben, ich kann normal auf Webseiten klicken, ohne dass lästige Pop-ups erscheinen. Ich warte auf die nächsten Anweisungen, vielen Dank und liebe Grüße!

schrauber · 10.01.2015, 11:54

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

01.01.2015, 11:48	#6
schrauber /// the machine /// TB-Ausbilder	Windows 7: Webseiten werden auf Werbung umgeleitet. und die FRST.txt? __________________ --> Windows 7: Webseiten werden auf Werbung umgeleitet.

Windows 7: Webseiten werden auf Werbung umgeleitet.

Log-Analyse und Auswertung: Windows 7: Webseiten werden auf Werbung umgeleitet.