Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Searchpage/genesis offers/ thanksforthedownload etc.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.01.2015, 23:11   #1
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo liebes Trojaner Board,

mein Laptop ist innerhalb von einigen Monaten immer langsamer geworden, anschließend habe ich versucht ihn zu "reinigen", Dateien zu defragmentieren (ich meine, dass es so hieß) und seitdem ist alles nur noch schlimmer.. Es öffnen sich verschiedenste Seiten und Fenster und mein Laptop ist noch langsamer als vorher.
Ich habe mal ein paar Seiten & Fenster zusammengetragen:

-Windows Version installer 2011-2014, end user licence agreement
-Updater24.plugin-update.com
-Genesis-offers.com
-thanksforthedownload.com
-stamplive.com
-tinf9k.com
-searchpage.com (diese Seite kommt zuerst, wenn ich den Browser öffne)

Da es so eine Vielzahl ist: Ist mein Laptop noch zu "retten" und wenn ja, wie?
Es wäre mir eine Riesenhilfe, wenn ich zumindest ein Urteil bzw. Eine erste Einschätzung erhalten könnte. Vielen lieben Dank im Voraus!!

Iris

Alt 28.01.2015, 23:19   #2
Bootsektor
/// TB-Ausbilder
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.





Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Lass mal sehen
Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 31.01.2015, 15:27   #3
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Liebe Sandra,

Vielen Dank schonmal!
Ich hab jetzt 3 mal versucht den Schritt 1 überhaupt durchzuführen, bin aber jedes mal gescheitert. Beim ersten Versuch habe ich es zumindest hinbekommen, FRST64 downzuloaden. Als ich es aber starten wollte stand da: "(...)FRST64.exe ist keine zulässige Win32-Anwendung. Dabei habe ich ein 64 Bit-Betriebssystem.. Aber gut, dann dachte ich, lädst du dann halt FRST 32 Bit herunter und versuchst es damit nochmal (obwohl der Download von FRST64 schon 30-40min gedauert hat, weil sich wie gesagt sämtliche Fenster, Ad Ons etc öffnen), aber so weit bin ich nicht mehr gekommen. Nun will mein Laptop keine Internetseite mehr öffnen..
Was mache ich nun? Soll ichs weiterhin immer mal probieren? Aber hätte sich FRST64 bei mir nicht öffnen müssen?

Viele Grüße,
Iris
__________________

Alt 31.01.2015, 15:30   #4
Bootsektor
/// TB-Ausbilder
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Iris,

hast du die Möglichleit dir FRST via USB-Stick an einem anderen Rechner herunterzuladen und dann auf deinem Laptop zu speichern, einen Scan zu machen und dann die Logs hier posten. Ich brauch das Log um überhaupt sehen zu können, was bei dir los ist.

Ansonsten, versuch mal ob du in den abgesicherten Modus kommst um es dort zu herunterzuladen.

Alt 01.02.2015, 20:12   #5
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Iris (administrator) on IRIS-PC on 31-01-2015 19:45:31
Running from C:\Users\Iris\Desktop
Loaded Profiles: Iris (Available profiles: Iris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
() C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
() C:\Program Files (x86)\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancerService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\LPT\srpts.exe
(home) C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
() C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
(HighQVPV28.09) C:\Program Files (x86)\HQVP1.9V28.09\a8fa3747-9df7-44eb-ba24-7b9b53596002.exe
() C:\Program Files (x86)\ver6NewPlayer\B5e.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\nethtsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files (x86)\ver6NewPlayer\t0NewPlayerW38.exe
() C:\monitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
() C:\Users\Iris\AppData\Local\ConvertAd\CASrv.exe
() C:\Users\Iris\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Windows\SysWOW64\netupdsrv.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Time Lapse Solutions) C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ver6NewPlayer\Q7dt179.exe
() C:\Users\Iris\AppData\Local\mbot_de_107\upmbot_de_107.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Spotify Ltd) C:\Users\Iris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Iris\Qtrax\Player\Notification.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
() C:\Users\Iris\AppData\Local\Genesis_09281823\Genesis_09281823.exe
() C:\Users\Iris\AppData\Roaming\InetStat\inetstat.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Smartbar) C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1399\jsdrv.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(Pay By Ads LTD) C:\Users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\playnowradio.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(SoftBrain Technologies Ltd.) C:\Users\Iris\AppData\Local\SmartWeb\SmartWebHelper.exe
() C:\Users\Iris\AppData\Local\StormWatch\StormWatchApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(SoftBrain Technologies Ltd.) C:\Users\Iris\AppData\Local\SmartWeb\SmartWebApp.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(MyOSCompany) C:\Program Files (x86)\PCTRunner\MyOSProtect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\mbot_de_107\mbot_de_107.exe
() C:\Program Files (x86)\gmsd_de_138\gmsd_de_138.exe
() C:\Users\Iris\AppData\Local\ConvertAd\ConvertAd.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Users\Iris\AppData\Roaming\InetStat\iexplore.exe
(Time Lapse Solutions) C:\ProgramData\EiTVjiBBmwA\dat\AJuJnEy.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Object Browser) C:\Program Files (x86)\Object Browser\Object Browser-buttonutil.exe
(home) C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-buttonutil.exe
(HighQVPV28.09) C:\Program Files (x86)\HQVP1.9V28.09\HQVP1.9V28.09-bg.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [AIS_MessageForYou] => C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe [1965056 2010-03-18] (Fujitsu)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [mbot_de_107] => C:\Program Files (x86)\mbot_de_107\mbot_de_107.exe [3971528 2014-09-25] ()
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1399\jsdrv.exe [3224576 2014-12-30] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Iris\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-05-27] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_de_138] => C:\Program Files (x86)\gmsd_de_138\gmsd_de_138.exe [3979920 2015-01-24] ()
HKLM-x32\...\RunOnce: [upmbot_de_107.exe] => C:\Users\Iris\AppData\Local\mbot_de_107\upmbot_de_107.exe [3303928 2014-09-25] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [SpeedUpMyPC] => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe [67960 2012-04-16] (Uniblue Systems Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify Web Helper] => C:\Users\Iris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-24] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [QtraxNotification] => C:\Users\Iris\Qtrax\Player\Notification.exe [118568 2013-07-29] ()
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-25] (Google Inc.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify] => C:\Users\Iris\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-24] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [genesis_09281823] => c:\users\iris\appdata\local\genesis_09281823\genesis_09281823.exe [2584576 2014-09-28] ()
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-09-16] (PC Utilities Software Limited)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [InetStat] => C:\Users\Iris\AppData\Roaming\InetStat\inetstat.exe [777230 2015-01-24] ()
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.exe [28192 2014-08-27] (Smartbar)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1399\jsdrv.exe [3224576 2014-12-30] ()
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Play Now Radio] => C:\Users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\playnowradio.exe [654184 2015-01-30] (Pay By Ads LTD)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-20] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-20] (Client Connect LTD)
AppInit_DLLs-x32:  C:\Users\Iris\AppData\Local\Smartbar\Application\Resources\crdlil.dll => C:\Users\Iris\AppData\Local\Smartbar\Application\Resources\crdlil.dll [60416 2014-11-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Iris\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Iris\AppData\Local\StormWatch\StormWatchApp.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49461;https=127.0.0.1:49461
ProxyEnable: [S-1-5-21-3450306727-158836411-271950113-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3450306727-158836411-271950113-1001] => http=127.0.0.1:13947;https=127.0.0.1:13947
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1420036292&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1420036292&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1420036292&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1420036292&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3lWe7jMeMTFZbmBNzY-12ynu2JEXqu0OVK1cobnnacaRQerXIwfJipPnCt6f_FIw,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu_NijG4_iQCKqUEOQkE5g,,&q={searchTerms}
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=55&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&SSPV=
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1420036292&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=980e72c3000000000000e0ca94beb0f6
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu_NijG4_iQCKqUEOQkE5g,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope 006ee092-9658-4fd6-bd8e-a21a348e59f5 URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=58&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu_NijG4_iQCKqUEOQkE5g,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=58&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1420040080&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
BHO: LuckyiShOppera -> {0243c6aa-9c63-478b-8ebe-36959530e8c5} -> C:\Program Files (x86)\LuckyiShOppera\8KrO4YIqvcOxLB.x64.dll ()
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (Object Browser)
BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho64.dll (home)
BHO: HQVP1.9V28.09 -> {11111111-1111-1111-1111-110611381131} -> C:\Program Files (x86)\HQVP1.9V28.09\HQVP1.9V28.09-bho64.dll (HighQVPV28.09)
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
BHO: BetterPRicEEChec -> {150023d7-264b-42cb-a367-d0656604a759} -> C:\Program Files (x86)\BetterPRicEEChec\0sUWES3cvmPXOm.x64.dll ()
BHO: deaaL4real -> {234a6ea0-0ba8-459d-a8f3-d107e3aef29b} -> C:\ProgramData\deaaL4real\bb6n5a31ck0be4.x64.dll ()
BHO: PriceDownloader -> {2ab04d8f-df1b-404c-bac7-d568a752b99e} -> C:\ProgramData\PriceDownloader\K7TEanJFQp4AJb.x64.dll ()
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ShopperMaster -> {74be7230-d366-4041-9467-294dbd6295f9} -> C:\ProgramData\ShopperMaster\LdphN9UXojQcBZ.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SalesChecker -> {c6ae42d8-ab05-42e1-a694-40c28454de55} -> C:\ProgramData\SalesChecker\VTsXE9CDCjbbIR.x64.dll ()
BHO: less2Peayu -> {d142d4db-11ad-4ec8-9c2a-386d3676fd32} -> C:\ProgramData\less2Peayu\LcTMkJXC3XfLrV.x64.dll ()
BHO-x32: LuckyiShOppera -> {0243c6aa-9c63-478b-8ebe-36959530e8c5} -> C:\Program Files (x86)\LuckyiShOppera\8KrO4YIqvcOxLB.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (Object Browser)
BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll (home)
BHO-x32: HQVP1.9V28.09 -> {11111111-1111-1111-1111-110611381131} -> C:\Program Files (x86)\HQVP1.9V28.09\HQVP1.9V28.09-bho.dll (HighQVPV28.09)
BHO-x32: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll (iWebar)
BHO-x32: BetterPRicEEChec -> {150023d7-264b-42cb-a367-d0656604a759} -> C:\Program Files (x86)\BetterPRicEEChec\0sUWES3cvmPXOm.dll ()
BHO-x32: deaaL4real -> {234a6ea0-0ba8-459d-a8f3-d107e3aef29b} -> C:\ProgramData\deaaL4real\bb6n5a31ck0be4.dll ()
BHO-x32: PriceDownloader -> {2ab04d8f-df1b-404c-bac7-d568a752b99e} -> C:\ProgramData\PriceDownloader\K7TEanJFQp4AJb.dll ()
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Lyrics Finder -> {398C01F1-E584-46AD-A649-4F78B435DCFE} -> C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ShopperMaster -> {74be7230-d366-4041-9467-294dbd6295f9} -> C:\ProgramData\ShopperMaster\LdphN9UXojQcBZ.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: SalesChecker -> {c6ae42d8-ab05-42e1-a694-40c28454de55} -> C:\ProgramData\SalesChecker\VTsXE9CDCjbbIR.dll ()
BHO-x32: less2Peayu -> {d142d4db-11ad-4ec8-9c2a-386d3676fd32} -> C:\ProgramData\less2Peayu\LcTMkJXC3XfLrV.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1411928707&from=tugs&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5

FireFox:
========
FF ProfilePath: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=55&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&SSPV=
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/corse/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=70&CUI=&SSPV=&Lay=LAY_ID&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&fq=FQ_TERM&SAT=SAT_ID
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu_NijG4_iQCKqUEOQkE5g,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3450306727-158836411-271950113-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: CinPlus-2.4c - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2014-12-31]
FF Extension: TheHDvid-Codec V10 - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\43f13f31-cec7-4ac7-ad4a-18dfdaeae120@gmail.com [2015-01-31]
FF Extension: Object Browser - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-01-24]
FF Extension: RoYalCouupon - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\BXzm@R.com [2015-01-29]
FF Extension: compatibilityaddonsmozillaorg - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\compatibility@addons.mozilla.org [2015-01-29]
FF Extension: Security Protection - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com [2014-12-31]
FF Extension: RoyalShopperApp - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\DOAs@D.edu [2014-11-09]
FF Extension: ClickForSale - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\mM@GPCbN35.net [2014-11-21]
FF Extension: iWebar1.1 - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-12-31]
FF Extension: PriceDownloader - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\U@inl.edu [2014-11-09]
FF Extension: SalesChhecker - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\Wy@PcOHg6F21.com [2015-01-31]
FF Extension: SaVinshopi - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\Y91x2u@rXO.com [2015-01-25]
FF Extension: Shopping Helper Smartbar - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\{211c3e92-d35c-d3a9-002f-b470c8974aad} [2014-10-25]
FF Extension: Shopper-Pro - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2015-01-31]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\4e09pvdy.default-1381074144463\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\4e09pvdy.default-1381074144463\extensions\faststartff@gmail.com [2014-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{38e9e285-5266-4fe2-b5b5-c14c29b0cd45}] - C:\Program Files (x86)\WebEnhance\webenhance.xpi
FF Extension: WebEnhance - C:\Program Files (x86)\WebEnhance\webenhance.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com
FF HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Firefox\Extensions: [lfind@nijadsoft.net] - C:\Program Files (x86)\LyricsFinder\FF
FF Extension: Lyrics Finder - C:\Program Files (x86)\LyricsFinder\FF [2013-06-21]
FF HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?type=sc&ts=1420040080&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=55&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&SSPV="
CHR Profile: C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PageRank) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik [2014-11-21]
CHR Extension: (Movie2kDownloader 2) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-03-27]
CHR Extension: (bpconcjcammlapcogcnnelfmaeghhagj) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-10-02]
CHR Extension: (Contrast Theme for Gmail) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi [2015-01-31]
CHR Extension: (gdbfnafnalfjconpgenohfidcaeibkoc) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2015-01-25]
CHR Extension: (Bargain Workbench) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp [2013-08-29]
CHR Extension: (Lyrics Finder) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam [2013-06-21]
CHR Extension: (Ultimate Guitar Chord Finder  Tuner) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi [2014-10-25]
CHR Extension: (My Movie Magnet) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljfflibaokjcndmchkfjalpjjblioc [2013-07-30]
CHR Extension: (Financial Times News Feed) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo [2015-01-29]
CHR Extension: (cifFix) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad [2014-11-09]
CHR Extension: (WhoWorks At) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj [2014-11-09]
CHR Extension: (Object Browser) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2015-01-29]
CHR Extension: (Yontoo) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2013-03-27]
CHR Extension: (PotatoSmile) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn [2015-01-29]
CHR Extension: (Quick start) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-28]
CHR Extension: (HQVP1.9V28.09) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-28]
CHR HKLM\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\Iris\AppData\Local\BargainWorkbench.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-31]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\Iris\AppData\Local\BargainWorkbench.crx [2013-08-29]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Iris\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\Iris\AppData\Local\BargainWorkbench.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [gnbcopcndefcccgdofjadnafjljgofam] - C:\Program Files (x86)\LyricsFinder\Chrome.crx [2013-02-27]
CHR HKLM-x32\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2013-02-17]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-31]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-28]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.delta-homes.com/?type=sc&ts=1420040080&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AISConnect; C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [32768 2009-01-26] () [File not signed]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3503376 2015-01-20] (Client Connect LTD)
R2 d18dd5bb; c:\Program Files (x86)\AwesomeSalesonOffer\LessIsBest.dll [4246528 2014-12-31] () [File not signed]
R2 FastPlayerUpdaterService; C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe [11776 2014-09-22] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-30] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-30] (globalUpdate) [File not signed]
R2 gsEyZbUfv; C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe [2726776 2014-11-09] (Time Lapse Solutions)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-28] (Cherished Technololgy LIMITED)
R2 Internet Enhancer Service; C:\Program Files (x86)\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancerService.exe [312320 2014-12-19] () [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32800 2014-08-27] () <==== ATTENTION
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R3 MyOSProtect; C:\Program Files (x86)\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [369664 2015-01-31] () [File not signed]
R2 NewPlayer; C:\Program Files (x86)\ver6NewPlayer\Q7dt179.exe [316416 2014-09-28] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
S2 scores; C:\Windows\score.exe [4834816 2014-10-02] () [File not signed]
R2 serverca; C:\Users\Iris\AppData\Local\ConvertAd\CASrv.exe [123392 2015-01-24] () [File not signed]
R2 servervo; C:\Users\Iris\AppData\Roaming\VOPackage\VOsrv.exe [72192 2014-09-28] () [File not signed] <==== ATTENTION
R2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [186368 2015-01-31] () [File not signed]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-12-30] (ShopperPro)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2014-12-26] (Fuyu LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425136 2014-12-31] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-04] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130126.002\IDSvia64.sys [513184 2012-12-02] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\ENG64.SYS [126192 2013-01-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\EX64.SYS [2087664 2013-01-23] (Symantec Corporation)
S1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [38912 2015-01-31] (nethfdrv) [File not signed]
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-08-25] (YTDownloader)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-12-30] ()
R2 SPDRIVER_1.37.0.1399; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1399\jsdrv.sys [52584 2014-12-30] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:45 - 2015-01-31 19:48 - 00051711 _____ () C:\Users\Iris\Desktop\FRST.txt
2015-01-31 19:45 - 2015-01-31 19:46 - 00000000 ____D () C:\FRST
2015-01-31 19:43 - 2015-01-31 19:43 - 00000687 _____ () C:\awh9443.tmp
2015-01-31 19:40 - 2015-01-31 19:40 - 00001462 _____ () C:\Users\Iris\Desktop\Play Now Radio.lnk
2015-01-31 16:01 - 2015-01-31 16:01 - 00000687 _____ () C:\awhFB6E.tmp
2015-01-31 13:42 - 2015-01-31 13:42 - 00000687 _____ () C:\awhE021.tmp
2015-01-31 13:27 - 2015-01-31 13:27 - 00000000 ____D () C:\Program Files (x86)\SalesChhecker
2015-01-31 13:26 - 2015-01-31 13:26 - 00000000 ____D () C:\Program Files (x86)\Contrast Theme for Gmail
2015-01-31 13:26 - 2015-01-31 13:26 - 00000000 ____D () C:\Program Files (x86)\BetterPRicEEChec
2015-01-31 13:21 - 2015-01-31 13:21 - 00000687 _____ () C:\awh92BD.tmp
2015-01-31 13:09 - 2015-01-31 19:42 - 00003076 _____ () C:\Windows\System32\Tasks\Advanced-System Protector_startup
2015-01-31 10:39 - 2015-01-31 10:39 - 00437248 _____ () C:\Windows\SysWOW64\hfpapi.dll
2015-01-31 10:39 - 2015-01-31 10:39 - 00369664 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00186368 _____ () C:\Windows\SysWOW64\netupdsrv.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00139776 _____ () C:\Windows\SysWOW64\installd.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2015-01-31 10:39 - 2015-01-31 10:39 - 00038912 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2015-01-30 00:54 - 2015-01-30 00:54 - 00003454 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-30 00:52 - 2015-01-30 00:55 - 00000000 ____D () C:\Users\Iris\AppData\Local\avaxvyvax
2015-01-30 00:48 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-30 00:46 - 2015-01-30 00:46 - 00003498 _____ () C:\Windows\System32\Tasks\Play Now Radio
2015-01-30 00:46 - 2015-01-30 00:46 - 00003492 _____ () C:\Windows\System32\Tasks\Play Now Radio Updater
2015-01-30 00:46 - 2015-01-30 00:46 - 00000000 ____D () C:\Users\Iris\AppData\Local\playnowradio
2015-01-30 00:45 - 2015-01-31 19:38 - 00002438 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5_user.job
2015-01-30 00:45 - 2015-01-31 19:38 - 00002438 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5.job
2015-01-30 00:45 - 2015-01-30 00:45 - 00005468 _____ () C:\Windows\System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5
2015-01-30 00:44 - 2015-01-31 19:38 - 00003452 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-1.job
2015-01-30 00:44 - 2015-01-31 19:38 - 00002102 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-2.job
2015-01-30 00:44 - 2015-01-31 19:38 - 00001334 _____ () C:\Windows\Tasks\YZQRCM.job
2015-01-30 00:44 - 2015-01-30 00:44 - 01317848 _____ (home) C:\Users\Iris\AppData\Roaming\YZQRCM.exe
2015-01-30 00:44 - 2015-01-30 00:44 - 00006482 _____ () C:\Windows\System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-1
2015-01-30 00:44 - 2015-01-30 00:44 - 00005132 _____ () C:\Windows\System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-2
2015-01-30 00:44 - 2015-01-30 00:44 - 00004356 _____ () C:\Windows\System32\Tasks\YZQRCM
2015-01-30 00:43 - 2015-01-31 19:43 - 00005510 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6.job
2015-01-30 00:43 - 2015-01-31 19:38 - 00005510 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-7.job
2015-01-30 00:43 - 2015-01-31 19:38 - 00004486 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-4.job
2015-01-30 00:43 - 2015-01-31 19:38 - 00001332 _____ () C:\Windows\Tasks\CNPQO.job
2015-01-30 00:43 - 2015-01-30 00:43 - 01941464 _____ (home) C:\Users\Iris\AppData\Roaming\CNPQO.exe
2015-01-30 00:43 - 2015-01-30 00:43 - 00008540 _____ () C:\Windows\System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-7
2015-01-30 00:43 - 2015-01-30 00:43 - 00008538 _____ () C:\Windows\System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6
2015-01-30 00:43 - 2015-01-30 00:43 - 00007516 _____ () C:\Windows\System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-4
2015-01-30 00:43 - 2015-01-30 00:43 - 00004354 _____ () C:\Windows\System32\Tasks\CNPQO
2015-01-30 00:43 - 2015-01-30 00:43 - 00000000 ____D () C:\Program Files (x86)\003c8a7b-1f7b-4a01-b380-359c358af40a
2015-01-30 00:42 - 2015-01-31 19:43 - 00002104 _____ () C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-10_user.job
2015-01-30 00:42 - 2015-01-30 00:45 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec V10
2015-01-30 00:41 - 2015-01-30 00:45 - 00000000 ____D () C:\Program Files (x86)\FLVPlayer
2015-01-30 00:41 - 2015-01-30 00:41 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVPlayer
2015-01-30 00:40 - 2015-01-31 19:24 - 02130944 _____ (Farbar) C:\Users\Iris\Desktop\FRST64.exe
2015-01-29 23:54 - 2015-01-29 23:54 - 00000000 ____D () C:\Program Files (x86)\RoYalCouupon
2015-01-29 23:54 - 2015-01-29 23:54 - 00000000 ____D () C:\Program Files (x86)\LuckyiShOppera
2015-01-29 23:53 - 2015-01-29 23:53 - 00000000 ____D () C:\Program Files (x86)\PotatoSmile
2015-01-29 11:53 - 2015-01-31 13:27 - 00000000 ____D () C:\ProgramData\9218317531913342215
2015-01-29 11:53 - 2015-01-29 11:53 - 00000000 ____D () C:\ProgramData\lofihbppcacmfhnckemcphfagebhaogg
2015-01-29 11:53 - 2015-01-29 11:53 - 00000000 ____D () C:\Program Files (x86)\Financial Times News Feed
2015-01-29 11:53 - 2015-01-29 11:53 - 00000000 ____D () C:\Program Files (x86)\DiscountLOcator
2015-01-29 11:39 - 2015-01-29 11:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Iris\AppData\Roaming\YZQRCM
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Iris\AppData\Roaming\CNPQO
2015-01-24 15:02 - 2015-01-29 11:33 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-24 15:02 - 2015-01-29 11:33 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-24 15:02 - 2015-01-24 15:02 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-24 15:02 - 2015-01-24 15:02 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-24 15:02 - 2015-01-24 15:02 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-24 15:01 - 2015-01-29 11:33 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-24 15:01 - 2015-01-24 15:01 - 00613057 _____ (CMI Limited) C:\Users\Iris\AppData\Local\nshB9CA.tmp
2015-01-24 15:01 - 2015-01-24 15:01 - 00001051 _____ () C:\Users\Iris\Desktop\AnyProtect.lnk
2015-01-24 15:01 - 2015-01-24 15:01 - 00000000 __SHD () C:\Users\Iris\AppData\Roaming\AnyProtectEx
2015-01-24 15:01 - 2015-01-24 15:01 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-24 15:01 - 2015-01-24 15:01 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-24 13:56 - 2015-01-24 13:56 - 00000000 ____D () C:\Users\Iris\AppData\Local\ConvertAd
2015-01-24 13:46 - 2015-01-24 13:46 - 00000000 ____D () C:\Users\Iris\AppData\Local\gmsd_de_138
2015-01-24 13:46 - 2015-01-24 13:46 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_138
2015-01-24 11:56 - 2015-01-24 11:56 - 00000000 ____D () C:\ProgramData\less2Peayu
2015-01-24 11:56 - 2015-01-24 11:56 - 00000000 ____D () C:\ProgramData\deaaL4real

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:47 - 2014-09-28 19:23 - 00000000 ____D () C:\Users\Iris\AppData\Local\Genesis_09281823
2015-01-31 19:47 - 2013-07-26 23:47 - 00000086 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2015-01-31 19:47 - 2013-06-21 21:47 - 00000282 _____ () C:\Windows\Tasks\DSite.job
2015-01-31 19:47 - 2009-07-14 05:45 - 00031536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 19:47 - 2009-07-14 05:45 - 00031536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 19:46 - 2012-08-25 12:36 - 01911445 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 19:43 - 2014-11-09 20:30 - 00005502 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-6.job
2015-01-31 19:43 - 2014-11-09 20:29 - 00005830 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-6.job
2015-01-31 19:43 - 2014-09-28 19:27 - 00003452 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-6.job
2015-01-31 19:42 - 2013-01-28 19:22 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Skype
2015-01-31 19:42 - 2012-11-05 19:10 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Spotify
2015-01-31 19:41 - 2014-12-31 15:33 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-01-31 19:41 - 2014-09-28 19:25 - 00000000 ____D () C:\Users\Iris\AppData\Local\mbot_de_107
2015-01-31 19:41 - 2013-01-29 00:06 - 00000000 ___RD () C:\Users\Iris\Dropbox
2015-01-31 19:40 - 2014-11-09 22:17 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-01-31 19:40 - 2013-01-29 00:02 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Dropbox
2015-01-31 19:38 - 2014-11-09 20:31 - 00003102 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5_user.job
2015-01-31 19:38 - 2014-11-09 20:31 - 00002758 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5.job
2015-01-31 19:38 - 2014-11-09 20:31 - 00002430 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5_user.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00004478 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-4.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00004462 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-4.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00003748 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-1.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00003436 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-1.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00002430 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00002414 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-2.job
2015-01-31 19:38 - 2014-11-09 20:30 - 00002094 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-2.job
2015-01-31 19:38 - 2014-11-09 20:29 - 00005488 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-11.job
2015-01-31 19:38 - 2014-11-09 20:29 - 00005486 _____ () C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-7.job
2015-01-31 19:38 - 2014-11-09 20:29 - 00005168 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-11.job
2015-01-31 19:38 - 2014-11-09 20:29 - 00005166 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-7.job
2015-01-31 19:38 - 2014-11-09 20:29 - 00003798 _____ () C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-3.job
2015-01-31 19:38 - 2014-09-28 19:28 - 00003796 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-4.job
2015-01-31 19:38 - 2014-09-28 19:28 - 00002752 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-1.job
2015-01-31 19:38 - 2014-09-28 19:28 - 00002428 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5_user.job
2015-01-31 19:38 - 2014-09-28 19:28 - 00002428 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5.job
2015-01-31 19:38 - 2014-09-28 19:28 - 00002092 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-2.job
2015-01-31 19:38 - 2014-09-28 19:28 - 00001424 _____ () C:\Windows\Tasks\a8fa3747-9df7-44eb-ba24-7b9b53596002.job
2015-01-31 19:38 - 2014-09-28 19:27 - 00004478 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-11.job
2015-01-31 19:38 - 2014-09-28 19:27 - 00003116 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-7.job
2015-01-31 19:38 - 2014-09-28 19:27 - 00000614 _____ () C:\Windows\Tasks\56ea00c8-0218-431a-af3c-946fd69f3dea.job
2015-01-31 19:38 - 2014-09-28 19:26 - 00000890 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-31 19:38 - 2014-09-28 19:25 - 00003796 _____ () C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-3.job
2015-01-31 19:38 - 2014-09-28 19:25 - 00000404 _____ () C:\Windows\Tasks\NewPlayer Update.job
2015-01-31 19:38 - 2012-08-25 12:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 19:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 19:37 - 2009-07-14 05:51 - 00104609 _____ () C:\Windows\setupact.log
2015-01-31 19:37 - 2009-07-14 05:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 19:22 - 2012-09-15 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 19:12 - 2012-08-25 12:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 18:50 - 2014-11-09 20:29 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-31 18:04 - 2014-09-28 19:27 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-31 16:31 - 2014-09-28 19:26 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-01-31 16:00 - 2012-11-05 19:10 - 00000000 ____D () C:\Users\Iris\AppData\Local\Spotify
2015-01-31 14:03 - 2013-12-13 23:20 - 01781914 _____ () C:\Windows\IE11_main.log
2015-01-31 13:27 - 2012-09-18 00:03 - 00000000 ____D () C:\Users\Iris\AppData\Local\CrashDumps
2015-01-31 13:22 - 2012-09-15 11:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 13:22 - 2012-09-15 11:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 13:22 - 2012-09-15 11:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 13:04 - 2010-11-21 04:47 - 00203786 _____ () C:\Windows\PFRO.log
2015-01-30 00:43 - 2014-11-09 20:29 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-30 00:43 - 2014-09-28 19:26 - 00003638 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-30 00:43 - 2012-12-27 13:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-30 00:33 - 2014-11-21 14:19 - 00000000 ____D () C:\Users\Iris\AppData\Local\ZombieInvasion
2015-01-30 00:06 - 2014-09-28 19:41 - 00001091 _____ () C:\Users\Iris\Desktop\Continue Live Installation.lnk
2015-01-29 23:55 - 2011-02-14 13:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 23:55 - 2011-02-14 13:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 23:55 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 23:47 - 2014-11-09 22:17 - 00000000 ____D () C:\Users\Iris\AppData\Local\StormWatch
2015-01-29 12:24 - 2012-08-25 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2015-01-25 03:21 - 2014-10-25 18:01 - 00000000 ____D () C:\ProgramData\7fee0af45c734d07
2015-01-25 03:03 - 2014-09-29 23:01 - 00001047 _____ () C:\Users\Public\Desktop\Advanced-System Protector.lnk
2015-01-25 03:03 - 2014-09-29 23:01 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Systweak
2015-01-25 03:03 - 2014-09-29 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2015-01-25 03:03 - 2014-09-29 23:01 - 00000000 ____D () C:\Program Files (x86)\ASP
2015-01-24 14:19 - 2014-09-28 19:25 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-24 12:28 - 2014-09-28 23:46 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\InetStat
2015-01-24 12:23 - 2014-09-28 23:46 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2015-01-24 11:12 - 2013-06-21 21:47 - 00000000 ____D () C:\Program Files (x86)\Wajam

==================== Files in the root of some directories =======

2014-11-09 20:30 - 2014-11-09 20:30 - 1528736 _____ (Object Browser) C:\Users\Iris\AppData\Roaming\BNH.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Iris\AppData\Roaming\CNPQO
2015-01-30 00:43 - 2015-01-30 00:43 - 1941464 _____ (home) C:\Users\Iris\AppData\Roaming\CNPQO.exe
2014-11-09 20:29 - 2014-11-09 20:29 - 2025376 _____ (Object Browser) C:\Users\Iris\AppData\Roaming\DCIEUTUC.exe
2013-07-26 23:47 - 2015-01-31 19:47 - 0000086 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2013-07-06 13:54 - 2013-07-06 13:54 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q3-TTL.DAT
2013-07-09 19:52 - 2013-07-09 19:52 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q4-TTL.DAT
2013-07-15 16:56 - 2014-01-03 00:55 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-26 12:47 - 2014-01-31 08:47 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-TTL.DAT
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Iris\AppData\Roaming\YZQRCM
2015-01-30 00:44 - 2015-01-30 00:44 - 1317848 _____ (home) C:\Users\Iris\AppData\Roaming\YZQRCM.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 0085126 _____ () C:\Users\Iris\AppData\Local\BargainWorkbench.crx
2013-07-30 23:50 - 2013-07-30 23:50 - 0081402 _____ () C:\Users\Iris\AppData\Local\MyMovieMagnet.crx
2015-01-24 15:01 - 2015-01-24 15:01 - 0613057 _____ (CMI Limited) C:\Users\Iris\AppData\Local\nshB9CA.tmp
2012-12-03 23:53 - 2012-12-04 01:00 - 95023320 ____T () C:\ProgramData\0tbpw.pad

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad


Some content of TEMP:
====================
C:\Users\Iris\AppData\Local\Temp\-6n1cbhk.dll
C:\Users\Iris\AppData\Local\Temp\03qkc-gb.dll
C:\Users\Iris\AppData\Local\Temp\07cldlkl.dll
C:\Users\Iris\AppData\Local\Temp\0swdgjy6.dll
C:\Users\Iris\AppData\Local\Temp\0x6ivzz5.dll
C:\Users\Iris\AppData\Local\Temp\11dneb0y.dll
C:\Users\Iris\AppData\Local\Temp\21whhhir.dll
C:\Users\Iris\AppData\Local\Temp\2cocrb7q.dll
C:\Users\Iris\AppData\Local\Temp\2url0plq.dll
C:\Users\Iris\AppData\Local\Temp\3xdc3hpq.dll
C:\Users\Iris\AppData\Local\Temp\5-_puzu5.dll
C:\Users\Iris\AppData\Local\Temp\556tjvy5.dll
C:\Users\Iris\AppData\Local\Temp\5bpr4in_.dll
C:\Users\Iris\AppData\Local\Temp\5m_sgxhp.dll
C:\Users\Iris\AppData\Local\Temp\6y1h0n1x.dll
C:\Users\Iris\AppData\Local\Temp\74cfrk-c.dll
C:\Users\Iris\AppData\Local\Temp\7an8hst5.dll
C:\Users\Iris\AppData\Local\Temp\7pi_td1f.dll
C:\Users\Iris\AppData\Local\Temp\9fdmxb43.dll
C:\Users\Iris\AppData\Local\Temp\9irqvnmy.dll
C:\Users\Iris\AppData\Local\Temp\adqwrsrs.dll
C:\Users\Iris\AppData\Local\Temp\aiwnfegh.dll
C:\Users\Iris\AppData\Local\Temp\bui26ifb.dll
C:\Users\Iris\AppData\Local\Temp\c-vq1wxp.dll
C:\Users\Iris\AppData\Local\Temp\c0jzfjtz.dll
C:\Users\Iris\AppData\Local\Temp\c5lfzoat.dll
C:\Users\Iris\AppData\Local\Temp\cgcxk_hm.dll
C:\Users\Iris\AppData\Local\Temp\cwmnjegy.dll
C:\Users\Iris\AppData\Local\Temp\d-ngveh8.dll
C:\Users\Iris\AppData\Local\Temp\dhspkfar.dll
C:\Users\Iris\AppData\Local\Temp\dj0nk8wx.dll
C:\Users\Iris\AppData\Local\Temp\dlLogic.exe
C:\Users\Iris\AppData\Local\Temp\dltr.exe
C:\Users\Iris\AppData\Local\Temp\dmcp90rb.dll
C:\Users\Iris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_h19j.dll
C:\Users\Iris\AppData\Local\Temp\dwgixoly.dll
C:\Users\Iris\AppData\Local\Temp\dx5ekkx6.dll
C:\Users\Iris\AppData\Local\Temp\e3qf0zeg.dll
C:\Users\Iris\AppData\Local\Temp\eawg2ady.dll
C:\Users\Iris\AppData\Local\Temp\efijtbof.dll
C:\Users\Iris\AppData\Local\Temp\eiohakec.dll
C:\Users\Iris\AppData\Local\Temp\eq9kcbxw.dll
C:\Users\Iris\AppData\Local\Temp\f92_h9kc.dll
C:\Users\Iris\AppData\Local\Temp\fcqlc_wc.dll
C:\Users\Iris\AppData\Local\Temp\fptl306g.dll
C:\Users\Iris\AppData\Local\Temp\fpvvql2b.dll
C:\Users\Iris\AppData\Local\Temp\g911db5f.dll
C:\Users\Iris\AppData\Local\Temp\GCVerifier.dll
C:\Users\Iris\AppData\Local\Temp\gzieybqx.dll
C:\Users\Iris\AppData\Local\Temp\hmlqiihl.dll
C:\Users\Iris\AppData\Local\Temp\hr0yvemd.dll
C:\Users\Iris\AppData\Local\Temp\hs-q5agx.dll
C:\Users\Iris\AppData\Local\Temp\hsg6ekj3.dll
C:\Users\Iris\AppData\Local\Temp\i2imjvu0.dll
C:\Users\Iris\AppData\Local\Temp\i7euamhk.dll
C:\Users\Iris\AppData\Local\Temp\i8h9-dun.dll
C:\Users\Iris\AppData\Local\Temp\igxvcxrh.dll
C:\Users\Iris\AppData\Local\Temp\in_mh9db.dll
C:\Users\Iris\AppData\Local\Temp\ip1djypd.dll
C:\Users\Iris\AppData\Local\Temp\iqb_rd2j.dll
C:\Users\Iris\AppData\Local\Temp\iwv4lfhw.dll
C:\Users\Iris\AppData\Local\Temp\j7dna38j.dll
C:\Users\Iris\AppData\Local\Temp\j8fk64wq.dll
C:\Users\Iris\AppData\Local\Temp\jahvks_7.dll
C:\Users\Iris\AppData\Local\Temp\jgamgvrw.dll
C:\Users\Iris\AppData\Local\Temp\jlgwb7jx.dll
C:\Users\Iris\AppData\Local\Temp\jorfwwfa.dll
C:\Users\Iris\AppData\Local\Temp\ju4a5a12.dll
C:\Users\Iris\AppData\Local\Temp\k01luaqt.dll
C:\Users\Iris\AppData\Local\Temp\k0arx0zi.dll
C:\Users\Iris\AppData\Local\Temp\k9-wx2ps.dll
C:\Users\Iris\AppData\Local\Temp\Launcher__10890.exe
C:\Users\Iris\AppData\Local\Temp\lbpj9ovs.dll
C:\Users\Iris\AppData\Local\Temp\lnrwahld.dll
C:\Users\Iris\AppData\Local\Temp\lwpogwzd.dll
C:\Users\Iris\AppData\Local\Temp\mekr08bg.dll
C:\Users\Iris\AppData\Local\Temp\miscdbok.dll
C:\Users\Iris\AppData\Local\Temp\mqvhjshp.dll
C:\Users\Iris\AppData\Local\Temp\n7kdafo6.dll
C:\Users\Iris\AppData\Local\Temp\nfvut6qw.dll
C:\Users\Iris\AppData\Local\Temp\npzjz1rj.dll
C:\Users\Iris\AppData\Local\Temp\onmpzyoq.dll
C:\Users\Iris\AppData\Local\Temp\oy5n2kvi.dll
C:\Users\Iris\AppData\Local\Temp\ozrkiwbw.dll
C:\Users\Iris\AppData\Local\Temp\pdo8l9i1.dll
C:\Users\Iris\AppData\Local\Temp\pyi4ikwo.dll
C:\Users\Iris\AppData\Local\Temp\qna0wsbq.dll
C:\Users\Iris\AppData\Local\Temp\qvydik7m.dll
C:\Users\Iris\AppData\Local\Temp\qw6rvgiu.dll
C:\Users\Iris\AppData\Local\Temp\r7fnr7t6.dll
C:\Users\Iris\AppData\Local\Temp\rbtfieze.dll
C:\Users\Iris\AppData\Local\Temp\rfwuu1db.dll
C:\Users\Iris\AppData\Local\Temp\rprzekwv.dll
C:\Users\Iris\AppData\Local\Temp\rxd5yo-x.dll
C:\Users\Iris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Iris\AppData\Local\Temp\spx67wvi.dll
C:\Users\Iris\AppData\Local\Temp\srv3548.exe
C:\Users\Iris\AppData\Local\Temp\stb2t2iq.dll
C:\Users\Iris\AppData\Local\Temp\swydwbbz.dll
C:\Users\Iris\AppData\Local\Temp\teoej_uz.dll
C:\Users\Iris\AppData\Local\Temp\tow0j2ak.dll
C:\Users\Iris\AppData\Local\Temp\tthslagj.dll
C:\Users\Iris\AppData\Local\Temp\uasmioqj.dll
C:\Users\Iris\AppData\Local\Temp\ub4fksxh.dll
C:\Users\Iris\AppData\Local\Temp\uckqaxzk.dll
C:\Users\Iris\AppData\Local\Temp\Uninstall.exe
C:\Users\Iris\AppData\Local\Temp\uoakknmj.dll
C:\Users\Iris\AppData\Local\Temp\uonpebls.dll
C:\Users\Iris\AppData\Local\Temp\us3flluh.dll
C:\Users\Iris\AppData\Local\Temp\u_6pembq.dll
C:\Users\Iris\AppData\Local\Temp\verifier.exe
C:\Users\Iris\AppData\Local\Temp\vkrnz-kt.dll
C:\Users\Iris\AppData\Local\Temp\vymak21d.dll
C:\Users\Iris\AppData\Local\Temp\w3roc5_t.dll
C:\Users\Iris\AppData\Local\Temp\w4586vnl.dll
C:\Users\Iris\AppData\Local\Temp\w9f3a4lg.dll
C:\Users\Iris\AppData\Local\Temp\wcwlalyz.dll
C:\Users\Iris\AppData\Local\Temp\wf0hif6f.dll
C:\Users\Iris\AppData\Local\Temp\wnt6np1w.dll
C:\Users\Iris\AppData\Local\Temp\ww_y7af6.dll
C:\Users\Iris\AppData\Local\Temp\x2iew6z1.dll
C:\Users\Iris\AppData\Local\Temp\x_qoettx.dll
C:\Users\Iris\AppData\Local\Temp\y9aod3tn.dll
C:\Users\Iris\AppData\Local\Temp\yotos9xb.dll
C:\Users\Iris\AppData\Local\Temp\_kmvkega.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-26 00:21

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 01.02.2015, 20:15   #6
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by Iris at 2015-01-31 19:50:29
Running from C:\Users\Iris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14452 - systweak.com) <==== ATTENTION
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BetterPRicEEChec (HKLM-x32\...\{4E5FE462-1A84-47B4-3411-C72434AAD86C}) (Version:  - "") <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Contrast Theme for Gmail (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - "")
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION!
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deaaL4real (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version:  - "")
Delta Chrome Toolbar (HKLM-x32\...\{177586E7-E42E-4F38-83D1-D15B4AF5B714}) (Version: 1.0.0.0 - DeltaInstaller) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
DiscountLOcator (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version:  - DiscountLocator) <==== ATTENTION
Dropbox (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FastPlayer (HKLM-x32\...\FastPlayer) (Version: v1.0.0.1 - ) <==== ATTENTION
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Financial Times News Feed (HKLM-x32\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version:  - CoupScanner) <==== ATTENTION
FLVPlayer (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - FLVPlayer) <==== ATTENTION
Free Studio version 5.7.3.917 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.3.917 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.33.1005 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.33.1005 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GamesDesktop 014.138 (HKLM-x32\...\gmsd_de_138_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Genesis (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\genesis_09281823) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HQVP1.9V28.09 (HKLM-x32\...\HQVP1.9V28.09) (Version: 1.35.9.16 - HighQVPV28.09)
InetStat (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5FE78439-7CAA-45FE-A808-2D7A0FC98643}) (Version: 11.0.2.25 - Apple Inc.)
iWebar (HKLM-x32\...\iWebar) (Version: 1.35.9.29 - iWebar) <==== ATTENTION!
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
less2Peayu (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version:  - "") <==== ATTENTION
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
LuckyiShOppera (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version:  - "") <==== ATTENTION
Lyrics Finder (HKLM-x32\...\lfind@nijadsoft.net) (Version:  - Nijad Software) <==== ATTENTION
Malwarebytes Anti-Malware Version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyBestOffersToday 014.107 (HKLM-x32\...\mbot_de_107_is1) (Version:  - MYBESTOFFERSTODAY) <==== ATTENTION
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NewPlayer (HKLM-x32\...\3EF8582E-5BF9-971B-CFB1-19A4B20089AF) (Version:  - NewPlayer-software) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Object Browser (HKLM-x32\...\Object Browser) (Version: 1.35.9.29 - Object Browser) <==== ATTENTION!
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version:  - omiga-plus) <==== ATTENTION
OnlineLowDeals (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - OnlineLowDeals) <==== ATTENTION
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.1 - PC Utilities Software Limited) <==== ATTENTION
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PepperZip 1.0 (HKLM-x32\...\PepperZip) (Version: 1.0 - PepperWare Co.) <==== ATTENTION
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Play Now Radio (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\playnowradio) (Version:  - playnowradio) <==== ATTENTION
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
PotatoSmile (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version:  - "")
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
PremiumDiscounts (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d18dd5bb}) (Version:  - Software Publisher) <==== ATTENTION
PriceDownloader (HKLM-x32\...\{2D471A31-4FA7-95BA-1880-D441113ED736}) (Version:  - "") <==== ATTENTION
Qtrax Connection Manager (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Qtrax Connection Manager) (Version: 20.13.07.02 - Qtrax Inc)
Qtrax Player (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\2826921322.portal.qtrax.com) (Version:  - portal.qtrax.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RoYalCouupon (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version:  - "") <==== ATTENTION
SalesChhecker (HKLM-x32\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version:  - "")
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.1.20 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
ShopperMaster (HKLM-x32\...\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}) (Version:  - "") <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
Shopping Helper Smartbar (HKLM-x32\...\{C64BEB42-B25D-4674-BB55-4099CB720110}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\{7cf8ca7a-5617-487f-9801-87b07f2caf94}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.3 - SoftBrain Technologies Ltd.) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
Spotify (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StormWatch (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\StormWatch) (Version: 1.0.1.10 - StormWatch) <==== ATTENTION!
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TheHDvid-Codec V10 (HKLM-x32\...\TheHDvid-Codec V10) (Version: 1.36.01.22 - home) <==== ATTENTION
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Uniblue SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.2.1.7 - Uniblue Systems Ltd) <==== ATTENTION
Update for Zip Opener (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\DSite) (Version:  - ) <==== ATTENTION
Wajam (HKLM-x32\...\WInterEnhance) (Version: 2.21.2.24 (i2.6) - WInterEnhance) <==== ATTENTION
Web Protect for Windows (HKLM-x32\...\wp-dcollect-tgu) (Version: 10.0.0 - PC Publishing) <==== ATTENTION
WebEnhance (HKLM-x32\...\WebEnhance) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.77 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
Yontoo 1.12.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.12.02 - Yontoo LLC) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION!
Zip Opener Packages (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-10-2014 21:56:10 Windows Update
25-10-2014 17:33:42 Windows Update
25-10-2014 22:39:31 Windows Update
25-10-2014 23:03:06 Windows Update
26-10-2014 20:38:20 Windows Update
26-10-2014 22:36:36 Windows Update
09-11-2014 20:34:41 Windows Update
09-11-2014 23:31:23 Windows Update
21-11-2014 14:25:50 Windows Update
31-12-2014 14:43:04 Windows Update
31-12-2014 14:47:39 Windows Modules Installer
24-01-2015 11:23:44 Windows Update
24-01-2015 11:31:26 Windows Update
25-01-2015 03:12:53 Windows Update
29-01-2015 11:46:43 Windows Update
30-01-2015 00:01:27 Windows Update
31-01-2015 13:23:08 Windows Update
31-01-2015 13:23:08 Windows Update
31-01-2015 14:01:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {088D4EB3-FD54-4B55-AF95-2844A26ECBB5} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5_user => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {0A2EB7CB-9A4B-4DC6-BEAB-F1A355082ADC} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION
Task: {0E6AA818-5BFA-4F03-883C-5FCF6A91EC65} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0FBBD3E4-D047-4088-8625-5D69E5EF149E} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {103EFDC1-0AFE-4F45-9011-109610858654} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-09-16] (PC Utilities Software Limited) <==== ATTENTION
Task: {16596EF7-542F-4431-8704-1D5491B94CE0} - System32\Tasks\YZQRCM => C:\Users\Iris\AppData\Roaming\YZQRCM.exe [2015-01-30] (home) <==== ATTENTION
Task: {1703BA76-32C9-4056-8253-FF51EC6B28A3} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-1 => C:\Program Files (x86)\HQVP1.9V28.09\HQVP1.9V28.09-codedownloader.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {19EC01F6-F939-492E-9136-8BC54A98DF7D} - System32\Tasks\a8fa3747-9df7-44eb-ba24-7b9b53596002 => C:\Program Files (x86)\HQVP1.9V28.09\a8fa3747-9df7-44eb-ba24-7b9b53596002.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {1E10A7FB-2A99-4AB9-8290-E9E0CF94ED11} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-4 => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-4.exe [2015-01-30] (home) <==== ATTENTION
Task: {1FC41ECE-2B71-4FB8-8AED-62002C022288} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5 => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {2096D68A-72D9-42A6-AD40-D4BD6138BC63} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {22F4B317-F90F-4D45-8E49-D1EFA17725F7} - System32\Tasks\CNPQO => C:\Users\Iris\AppData\Roaming\CNPQO.exe [2015-01-30] (home) <==== ATTENTION
Task: {26D058A4-67B7-42A5-8A91-0A5651B8511D} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1399\jsdrv.exe [2014-12-30] () <==== ATTENTION
Task: {276C8E0A-7E33-4361-AC2D-1325CEE53CBF} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {2A794D5E-F5A4-44CE-9728-8BB6E45C80BB} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-11 => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-11.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {2FD9345C-3515-425F-AF73-BF73DA5CB017} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-30] (globalUpdate) <==== ATTENTION
Task: {3762BD60-54A3-486A-83BC-146B1BCCD005} - System32\Tasks\AmiUpdXp => C:\Users\Iris\AppData\Local\1755\Updater.exe [2014-11-09] () <==== ATTENTION
Task: {386D75BC-CA23-45F3-98B7-9B06504EAE75} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-4 => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-4.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {3909FFEC-8960-4D92-99D0-700F9436E49B} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-24] (AnyProtect.com) <==== ATTENTION
Task: {3953BD6C-3F2D-4EF7-A78F-053C13EDD902} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {3D61946B-23BE-42F2-A9DE-54450EA48419} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {450A4E0B-A288-4CCC-9D6C-BFCB50FA2186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {472FA56A-84C2-4F1A-87C5-0A2328306CDA} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-2 => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-2.exe [2015-01-30] (home) <==== ATTENTION
Task: {4D08E9AB-2F37-47C2-9488-8940CC87DA64} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-7 => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-7.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {4D9CF1DD-C8A4-4F7C-9BC1-68196796E82F} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-6 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-6.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {502CFBCE-AD9B-41EA-BCC2-F9D929223106} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5.exe [2015-01-30] (home) <==== ATTENTION
Task: {519F2A36-5F5A-4795-B03F-0A7202F5EFB5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5294EF5B-EC6C-4974-B6D4-437407FC339B} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2014-12-30] (Goobzo) <==== ATTENTION
Task: {52FB3744-6BBC-45B1-A1C7-F6843B3EA646} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-7 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-7.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {5329A298-6E8D-44E2-AAF6-0524B9E2B289} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-3 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-3.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {54B40CE4-2A1D-42B2-B849-5E40998F5299} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-6 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-6.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {54E06D6D-CDA9-4421-BE77-787B20597225} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-2 => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-2.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {60DFF8E0-C4B6-488B-8031-28526C9F4C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {62123F39-D40E-4021-9E7A-69BB5E1AD0D7} - System32\Tasks\SPBIW_UpdateTask_Time_34313637383037312d45372a5a506c41324a345741 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {6688662B-18F7-44FC-9123-C395A8DC7C4B} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-6 => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-6.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {6AFBDE18-1157-4D4D-A4DB-1098811B8C02} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION
Task: {6CE2A064-0662-44D2-888C-880B7ED540EE} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-4 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-4.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {6D52ECA5-631E-48C6-A42E-B0EC2DE75F89} - System32\Tasks\NewPlayer Update => C:\Program Files (x86)\ver6NewPlayer\t0NewPlayerW38.exe [2014-09-28] ()
Task: {6FDDB323-C299-4F85-84CA-B445A94AE48B} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-10_user => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-10.exe [2015-01-30] (home) <==== ATTENTION
Task: {72D14549-0652-412C-92A5-BAC8B3251A43} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-1 => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe [2015-01-30] (home) <==== ATTENTION
Task: {742F8CC8-2A65-4621-BA74-CAEFF454806F} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5_user => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {793E6BC0-41D9-4008-BC21-C19B784894D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-24] (AnyProtect.com) <==== ATTENTION
Task: {7BA70480-C0E9-4617-B3C3-CB71B8CE5990} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-11 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-11.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {80E06C86-441B-4190-9FAB-AD1503B4E5C8} - System32\Tasks\Play Now Radio => C:\Users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\playnowradio.exe [2015-01-30] (Pay By Ads LTD) <==== ATTENTION
Task: {82349177-980D-40A7-B379-E623ACC206D3} - System32\Tasks\avaxvyvax => C:\Users\Iris\AppData\Local\avaxvyvax\avaxvyvax.exe [2015-01-20] ()
Task: {864751C0-8BDE-42DD-A603-4AE6D45CFA64} - System32\Tasks\DSite => C:\Users\Iris\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-21] () <==== ATTENTION
Task: {88EE5756-64AF-4B53-9F09-AE06132BB992} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2014-12-30] (Goobzo LTD) <==== ATTENTION
Task: {8C87204A-94CC-43A4-99FD-E026397614C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {92EC7961-A6B0-477B-8449-FA388EC6C5B2} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5 => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5.exe [2015-01-30] (home) <==== ATTENTION
Task: {9D47777A-C6A0-4712-BD77-631E8BCF3297} - System32\Tasks\Play Now Radio Updater => C:\Users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\playsetup.exe [2015-01-30] (Pay By Ads LTD) <==== ATTENTION
Task: {9EC75519-3538-42F9-8B33-510385D5A827} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-30] (globalUpdate) <==== ATTENTION
Task: {A3E83DFA-476A-4869-BF70-9308A022824C} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-7 => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-7.exe [2015-01-30] (home) <==== ATTENTION
Task: {A685E1BE-FA42-48F9-A7D8-8A3297FDD303} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-11 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-11.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {BC27A4D8-5960-45B0-95B0-AB399C32C614} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {BDC36801-786A-453D-AAE0-8DBE9B3994DF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-24] (AnyProtect.com) <==== ATTENTION
Task: {C9F1C2F6-73D2-4989-8DAC-33F2BD733898} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {CE42F09A-D46F-4552-A0AF-35949BF820C2} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-2 => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-2.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {D3C5021A-A9F3-4B70-B947-A3A28029454C} - System32\Tasks\Fujitsu\DeskUpdateRetry => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {D458E88A-497B-49F2-9467-3F2C16349361} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-7 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-7.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {DBD5752E-6561-4D46-8657-D133D369643F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {E044AD13-0F00-42E1-ADC0-B9BCE2CB5970} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {E222BD60-A2EA-4F44-AB26-9E4EFC97BA7E} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-12-09] () <==== ATTENTION
Task: {E5271480-0591-4F63-BE61-9C47E40378E1} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-3 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-3.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {E57DCCFA-155A-4510-909B-EE72BC0A842C} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {E855BE10-2314-43AB-96F1-6534C4DE7290} - System32\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6 => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6.exe [2015-01-30] (home) <==== ATTENTION
Task: {EB4E7C56-D391-431A-B2A1-2AC1050A1825} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-2 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-2.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {ECED32AB-D012-4724-904C-CA9320F39600} - System32\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5_user => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5.exe [2014-11-09] (iWebar) <==== ATTENTION
Task: {F0D6985D-70B1-43ED-86E1-735366F22736} - System32\Tasks\56ea00c8-0218-431a-af3c-946fd69f3dea => C:\Program Files (x86)\HQVP1.9V28.09\56ea00c8-0218-431a-af3c-946fd69f3dea.exe [2014-09-28] () <==== ATTENTION
Task: {F19BD183-5A20-4688-8ECE-D8157D431B68} - System32\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-1 => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe [2014-11-09] (Object Browser) <==== ATTENTION
Task: {FAA6CC61-EA81-482B-A83D-B13927E7326D} - System32\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-4 => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-4.exe [2014-09-28] (HighQVPV28.09) <==== ATTENTION
Task: {FE464BB4-2EE9-4AE5-9000-C6EF135EFB18} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {FE922BD5-19C5-4753-B863-65E979E82ECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-1.job => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-11.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-2.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-3.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-4.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5_user.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-6.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-7.job => C:\Program Files (x86)\Object Browser\186aa42a-bc1d-42d3-98c6-b0b4350fc50e-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\56ea00c8-0218-431a-af3c-946fd69f3dea.job => C:\Program Files (x86)\HQVP1.9V28.09\56ea00c8-0218-431a-af3c-946fd69f3dea.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-11.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-2.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-4.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5_user.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-6.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7d2743b4-7b82-4bf0-86c6-afe5b400f402-7.job => C:\Program Files (x86)\iWebar\7d2743b4-7b82-4bf0-86c6-afe5b400f402-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-1.job => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-10_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-2.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-4.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\84ac6b56-1a0e-44c6-a81c-7575aa44c736-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\84ac6b56-1a0e-44c6-a81c-7575aa44c736-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-1.job => C:\Program Files (x86)\HQVP1.9V28.09\HQVP1.9V28.09-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-11.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-2.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-3.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-4.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5_user.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-6.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-7.job => C:\Program Files (x86)\HQVP1.9V28.09\8b9b81b3-e9b9-4943-bb1e-25e00fb8a529-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\a8fa3747-9df7-44eb-ba24-7b9b53596002.job => C:\Program Files (x86)\HQVP1.9V28.09\a8fa3747-9df7-44eb-ba24-7b9b53596002.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Iris\AppData\Local\1755\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\CNPQO.job => C:\Users\Iris\AppData\Roaming\CNPQO.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Iris\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NewPlayer Update.job => C:\Program Files (x86)\ver6NewPlayer\t0NewPlayerW38.exe
Task: C:\Windows\Tasks\YZQRCM.job => C:\Users\Iris\AppData\Roaming\YZQRCM.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-01-26 16:49 - 2009-01-26 16:49 - 00032768 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
2014-09-22 14:07 - 2014-09-22 14:07 - 00011776 _____ () C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
2014-12-19 17:56 - 2014-12-19 17:56 - 00312320 _____ () C:\Program Files (x86)\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancerService.exe
2014-08-27 15:34 - 2014-08-27 15:34 - 00032800 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-08-21 11:33 - 2014-09-28 19:28 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-21 11:32 - 2014-09-28 19:28 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-09-29 23:01 - 2014-12-09 13:48 - 06715176 _____ () C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
2014-09-28 19:24 - 2014-09-28 19:24 - 00261120 _____ () C:\Program Files (x86)\ver6NewPlayer\B5e.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-12-19 17:56 - 2014-12-19 17:56 - 00083456 _____ () C:\Program Files (x86)\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancer.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00369664 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2014-08-27 15:34 - 2014-08-27 15:34 - 00034848 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2014-09-28 19:24 - 2014-09-28 19:24 - 00531968 _____ () C:\Program Files (x86)\ver6NewPlayer\t0NewPlayerW38.exe
2014-09-02 20:55 - 2014-09-02 20:55 - 00487483 _____ () C:\monitor.exe
2015-01-24 13:56 - 2015-01-24 13:56 - 00123392 _____ () C:\Users\Iris\AppData\Local\ConvertAd\CASrv.exe
2014-09-28 19:26 - 2014-09-28 19:26 - 00072192 _____ () C:\Users\Iris\AppData\Roaming\VOPackage\VOsrv.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00186368 _____ () C:\Windows\SysWOW64\netupdsrv.exe
2014-09-28 19:24 - 2014-09-28 19:24 - 00316416 _____ () C:\Program Files (x86)\ver6NewPlayer\Q7dt179.exe
2014-09-28 19:25 - 2014-09-25 11:26 - 03303928 _____ () C:\Users\Iris\AppData\Local\mbot_de_107\upmbot_de_107.exe
2013-07-08 13:32 - 2013-07-29 14:44 - 00118568 _____ () C:\Users\Iris\Qtrax\Player\Notification.exe
2014-09-28 19:23 - 2014-09-28 19:23 - 02584576 _____ () C:\Users\Iris\AppData\Local\Genesis_09281823\Genesis_09281823.exe
2014-09-28 23:46 - 2015-01-24 12:23 - 00777230 _____ () C:\Users\Iris\AppData\Roaming\InetStat\inetstat.exe
2014-11-09 20:26 - 2014-12-30 19:10 - 03224576 _____ () C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1399\jsdrv.exe
2014-11-13 10:59 - 2014-11-13 10:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-08-13 19:19 - 2014-08-13 19:19 - 01140760 _____ () C:\Users\Iris\AppData\Local\StormWatch\StormWatchApp.exe
2014-09-28 19:25 - 2014-09-25 11:26 - 03971528 _____ () C:\Program Files (x86)\mbot_de_107\mbot_de_107.exe
2015-01-24 13:46 - 2015-01-24 10:06 - 03979920 _____ () C:\Program Files (x86)\gmsd_de_138\gmsd_de_138.exe
2015-01-24 03:08 - 2015-01-24 03:08 - 02978816 _____ () C:\Users\Iris\AppData\Local\ConvertAd\ConvertAd.exe
2014-12-31 15:33 - 2014-12-31 05:34 - 00612528 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\schedutils.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cutils.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00025088 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\osal.dll
2009-01-26 16:49 - 2009-01-26 16:49 - 00229376 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\serviceagent.dll
2009-01-26 16:46 - 2009-01-26 16:46 - 00204800 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\messaging.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00017920 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cmessaging.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00009216 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\threadpool.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\utils.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00011264 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cuxml.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\transports.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00208896 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\ssl.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00876544 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\crypto.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00077824 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\expat.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00081920 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\registration.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00090112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\remoteaccess.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\scheduler.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\pollingserver.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00045056 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\acm.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00021504 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\httpbroker.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00086016 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\monitormanager.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\filetransfer.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00013312 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\urischeme.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00155648 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\filerepository.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\md5c.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00258048 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\swupdate.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\commoncfg.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00045056 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\usagejob.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\sslinit.dll
2009-01-15 14:50 - 2009-01-15 14:50 - 00017408 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\c2sLogger.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00043008 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\httpServerConnDS.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00012288 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\sctunnel.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00017408 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\ttunnel.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\totalaccess.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00010240 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaversions.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\stdinstallers.dll
2009-03-25 10:23 - 2009-03-25 10:23 - 00029184 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\exectaDS.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00026112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winwmids.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00009728 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\pstoreds.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winsysinfods.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winvmstatds.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00025600 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winfsinfods.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00026112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cmdds.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00006656 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\uadfw.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00016896 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\stdrules.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\rulelib.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-31 14:51 - 2014-12-31 14:51 - 04246528 _____ () c:\Program Files (x86)\AwesomeSalesonOffer\LessIsBest.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00042528 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-09-29 23:01 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-09-29 23:01 - 2014-12-09 13:48 - 01730856 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-08-21 11:33 - 2014-09-28 19:28 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-09-29 23:01 - 2014-12-09 13:48 - 00064296 _____ () C:\Program Files (x86)\ASP\ScanDll.dll
2014-09-28 19:24 - 2014-09-28 19:24 - 00226816 _____ () C:\Program Files (x86)\ver6NewPlayer\Q7dt179.dll
2015-01-31 10:39 - 2015-01-31 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2015-01-31 10:39 - 2015-01-31 10:39 - 00437248 _____ () C:\Windows\SysWOW64\hfpapi.dll
2014-08-27 15:35 - 2014-08-27 15:35 - 00070176 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00050208 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00086048 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srau.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00165920 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 02425376 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00066592 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\spbl.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00158240 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00014368 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\siem.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00067616 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\sppsm.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00696864 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00014880 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00078880 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00027168 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-08-27 15:35 - 2014-08-27 15:35 - 00070176 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srut.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00029216 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srsbs.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00065568 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00150560 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\smti.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00073760 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\smsp.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00011808 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\sidc.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00030752 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\smtu.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00038432 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\smta.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00031264 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srom.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00024096 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\sgml.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00047136 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srbu.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00061984 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00024608 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srpdm.dll
2014-08-27 15:33 - 2014-08-27 15:33 - 00043552 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-08-27 15:33 - 2014-08-27 15:33 - 00026656 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00035360 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00193056 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 10:21 - 2014-05-12 10:21 - 00061440 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00255008 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\srns.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-31 19:40 - 2015-01-31 19:40 - 00043008 _____ () c:\users\iris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_h19j.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-09-04 00:24 - 2014-09-04 00:24 - 00827392 _____ () C:\Program Files (x86)\pctrunner\pcproxydll.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00101408 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll
2015-01-29 23:54 - 2015-01-29 23:54 - 00561664 _____ () C:\Program Files (x86)\LuckyiShOppera\8KrO4YIqvcOxLB.dll
2015-01-31 13:26 - 2015-01-31 13:26 - 00561664 _____ () C:\Program Files (x86)\BetterPRicEEChec\0sUWES3cvmPXOm.dll
2015-01-30 00:45 - 2015-01-30 00:45 - 00394712 _____ () C:\program files (x86)\thehdvid-codec v10\TheHDvid-Codec V10-buttonutil.dll
2014-11-09 20:30 - 2014-11-09 20:30 - 00433056 _____ () C:\program files (x86)\object browser\Object Browser-buttonutil.dll
2014-09-14 14:26 - 2014-09-25 19:57 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-30 00:46 - 2015-01-30 00:46 - 00288768 _____ () C:\Users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\liajnlMl.dll
2015-01-31 13:22 - 2015-01-31 13:22 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00023072 _____ () C:\Users\Iris\AppData\Local\LPT\srptm.exe
2014-08-27 15:34 - 2014-08-27 15:34 - 00081952 _____ () C:\Users\Iris\AppData\Local\LPT\srpt.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00042528 _____ () C:\Users\Iris\AppData\Local\LPT\srptc.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00018976 _____ () C:\Users\Iris\AppData\Local\LPT\Smartbar.Common.dll
2014-08-27 15:35 - 2014-08-27 15:35 - 00070176 _____ () C:\Users\Iris\AppData\Local\LPT\srut.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00067616 _____ () C:\Users\Iris\AppData\Local\LPT\sppsm.dll
2014-08-27 15:34 - 2014-08-27 15:34 - 00158240 _____ () C:\Users\Iris\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-08-27 15:33 - 2014-08-27 15:33 - 00023584 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-08-27 15:33 - 2014-08-27 15:33 - 00032800 _____ () C:\Users\Iris\AppData\Local\Smartbar\Application\lrcnt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3450306727-158836411-271950113-500 - Administrator - Disabled)
Gast (S-1-5-21-3450306727-158836411-271950113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450306727-158836411-271950113-1002 - Limited - Enabled)
Iris (S-1-5-21-3450306727-158836411-271950113-1001 - Administrator - Enabled) => C:\Users\Iris

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 07:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0x0000046b
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x21a0
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (01/31/2015 07:44:29 PM) (Source: NetHttpService) (EventID: 0) (User: )
Description: NetHttpServiceNetHttpService Failed to connect to driver

Error: (01/31/2015 07:40:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 07:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 31.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2ea8

Startzeit: 01d03d83efe9afc7

Endzeit: 0

Anwendungspfad: C:\Users\Iris\Desktop\FRST64.exe

Berichts-ID: ae4dbbda-a977-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:29:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 31.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4bdc

Startzeit: 01d03d83da1125ab

Endzeit: 0

Anwendungspfad: D:\FRST64.exe

Berichts-ID: 1cc0dd51-a977-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:29:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Notification.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f74

Startzeit: 01d03d665de88b69

Endzeit: 15

Anwendungspfad: C:\Users\Iris\Qtrax\Player\Notification.exe

Berichts-ID: 282ab28b-a976-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:29:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 31.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e4c

Startzeit: 01d03d8386d74afa

Endzeit: 16

Anwendungspfad: D:\FRST64.exe

Berichts-ID: 03023f05-a977-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:26:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 31.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1330

Startzeit: 01d03d833dcd6986

Endzeit: 16

Anwendungspfad: D:\FRST64.exe

Berichts-ID: bae7fd7b-a976-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:23:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OptimizerPro.exe, Version 3.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3058

Startzeit: 01d03d6aeaeabb67

Endzeit: 1400

Anwendungspfad: C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe

Berichts-ID: 38c51fa8-a976-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 06:51:08 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT-AUTORITÄT)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files (x86)\globalUpdate\CrashReports\27e89674-6b1e-42d3-a2b1-ca9dff746884.dmp


System errors:
=============
Error: (01/31/2015 07:45:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/31/2015 07:44:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "nethfdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (01/31/2015 07:44:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (01/31/2015 07:39:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {94B83936-77EA-4708-8FC5-F3BBC55C2A32}

Error: (01/31/2015 07:39:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 07:38:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
nethfdrv

Error: (01/31/2015 07:38:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "scores" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/31/2015 07:38:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst scores erreicht.

Error: (01/31/2015 07:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Protect Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/31/2015 07:38:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protect Monitor erreicht.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 07:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.184095315a05a0000046b000000000000940d21a001d03d85597c7789C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll4d45a154-a979-11e4-9bc2-e0ca94beb0f6

Error: (01/31/2015 07:44:29 PM) (Source: NetHttpService) (EventID: 0) (User: )
Description: NetHttpServiceNetHttpService Failed to connect to driver

Error: (01/31/2015 07:40:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 07:33:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe31.1.2015.12ea801d03d83efe9afc70C:\Users\Iris\Desktop\FRST64.exeae4dbbda-a977-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:29:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe31.1.2015.14bdc01d03d83da1125ab0D:\FRST64.exe1cc0dd51-a977-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:29:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Notification.exe0.0.0.01f7401d03d665de88b6915C:\Users\Iris\Qtrax\Player\Notification.exe282ab28b-a976-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:29:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe31.1.2015.11e4c01d03d8386d74afa16D:\FRST64.exe03023f05-a977-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:26:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe31.1.2015.1133001d03d833dcd698616D:\FRST64.exebae7fd7b-a976-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 07:23:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OptimizerPro.exe3.2.0.0305801d03d6aeaeabb671400C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe38c51fa8-a976-11e4-a790-e0ca94beb0f6

Error: (01/31/2015 06:51:08 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT-AUTORITÄT)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files (x86)\globalUpdate\CrashReports\27e89674-6b1e-42d3-a2b1-ca9dff746884.dmp


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 19:44:28.564
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 19:44:28.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 19:37:21.610
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 19:37:21.376
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 16:02:36.693
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 16:02:36.522
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 15:55:53.066
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 15:55:52.847
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 13:43:02.389
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 13:43:02.124
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 71%
Total physical RAM: 3892.55 MB
Available physical RAM: 1118.23 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4238.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:184.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (USB DISK) (Removable) (Total:3.73 GB) (Free:2.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F424250E)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Hallo Sandra,

ich habs wie vorgeschlagen mit nem anderen Laptop runtergeladen, und juhu, es hat endlich geklappt nun bin ich gespannt! Danke dir schonmal und nochmal

Alt 02.02.2015, 19:45   #7
Bootsektor
/// TB-Ausbilder
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Iris,

das ist schon eine beeindruckende Kollektion, die du da gesammelt hast.
Lass uns erstmal das Log lesbarer bekommen.

Bitte deinstalliere folgende Programme (falls vorhanden) :

Advanced-System Protector
AnyProtect
BetterPRicEEChec
ConvertAd
Delta Chrome Toolbar
Delta toolbar
DiscountLOcator
eBay
FastPlayer
Financial Times News Feed
FLVPlayer
GamesDesktop 014.138
Genesis
HQVP1.9V28.09
InetStat
iWebar
less2Peayu
LPT System Updater Service
LuckyiShOppera
Lyrics Finder
McAfee Security Scan Plus
MyBestOffersToday 014.107
MyPC Backup
NewPlayer
Object Browser
OffersWizard Network System Driver
omiga-plus uninstall
OnlineLowDeals
Optimizer Pro v3.2
PotatoSmile
PepperZip 1.0
Play Now Radio
PremiumDiscounts
PriceDownloader
RegClean-Pro
Remote Desktop Access
RoYalCouupon
SalesChhecker
Search Protect
ShopperMaster
Shopper-Pro
Shopping Helper Smartbar
Shopping Helper Smartbar Engine
SmartWeb
Software Version Updater
StormWatch
TheHDvid-Codec V10
Uniblue SpeedUpMyPC
Update for Zip Opener
Wajam
Web Protect for Windows
WinZipper
Yontoo 1.12.02
YTDownloader
Zip Opener Packages

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Alt 03.02.2015, 01:05   #8
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Sandra,

die Logs nach Anwendung des Adw Cleaners:

(hierzu muss ich aber noch sagen, dass ich 3 Anläufe hatte, die Malware suchen und löschen zu lassen, und am Ende gabs nichts mehr zu löschen, bzw das war dann schon geschehen ohne dass es eine Logdatei gab - daher hab ich beim 3. Versuch auf "Löschen" geklickt obwohl da nichts war, nur um die Logdatei zu erhalten. Deswegen weiß ich nicht ob die Logdatei sich auch auf die gelöschten Programme bezieht oder nicht)

Code:
ATTFilter
# Gestartet von : C:\Users\Iris\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [49804 octets] - [03/02/2015 00:22:35]
AdwCleaner[R1].txt - [2288 octets] - [03/02/2015 01:15:57]
AdwCleaner[R2].txt - [1207 octets] - [03/02/2015 01:38:44]
AdwCleaner[S0].txt - [44816 octets] - [03/02/2015 00:25:34]
AdwCleaner[S1].txt - [1849 octets] - [03/02/2015 01:17:51]
AdwCleaner[S2].txt - [1129 octets] - [03/02/2015 01:40:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1189 octets] ##########
         
FRST Editor:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Iris (administrator) on IRIS-PC on 03-02-2015 01:48:15
Running from C:\Users\Iris\Desktop
Loaded Profiles: Iris (Available profiles: Iris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Iris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Time Lapse Solutions) C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\wscstub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [AIS_MessageForYou] => C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe [1965056 2010-03-18] (Fujitsu)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [mbot_de_107] => [X]
HKLM-x32\...\Run: [gmsd_de_138] => [X]
HKLM-x32\...\Run: [mbot_de_472] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify Web Helper] => C:\Users\Iris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-24] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-25] (Google Inc.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify] => C:\Users\Iris\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-24] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Play Now Radio] => C:\Users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\playnowradio.exe
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49461;https=127.0.0.1:49461
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3lWe7jMeMTFZbmBNzY-12ynu2JEXqu0OVK1cobnnacaRQerXIwfJipPnCt6f_FIw,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRm1lHMNM_I966xRj-emLdmHwZI1caMrWW96Lq0g7hHFdZIx84rWozjRGxv0CloDr3pomEMmiYxpbFoyeGjqammZp6wVVOZXMlbiG_SB4g4Ckb-gu-J7nbkifPn-JKz0A,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> {C612C47D-1465-4C0C-9B8D-E6A12DE7A613} URL = hxxp://www.bing.com/search?q={searchTerms}&r=711
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ApppttoU -> {966aaa80-04b5-425e-bf92-1210e8b20af0} -> C:\Program Files (x86)\ApppttoU\ik6sagbY2Ht8i6.x64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ApppttoU -> {966aaa80-04b5-425e-bf92-1210e8b20af0} -> C:\Program Files (x86)\ApppttoU\ik6sagbY2Ht8i6.dll ()
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3450306727-158836411-271950113-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\trovi.xml
FF Extension: CinPlus-2.4c - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2014-12-31]
FF Extension: compatibilityaddonsmozillaorg - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\compatibility@addons.mozilla.org [2015-01-29]
FF Extension: Security Protection - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com [2014-12-31]
FF Extension: iWebar1.1 - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com
FF Extension: No Name - C:\Program Files (x86)\WebEnhance\webenhance.xpi [Not Found]
FF Extension: No Name - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=55&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PageRank) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik [2014-11-21]
CHR Extension: (bpconcjcammlapcogcnnelfmaeghhagj) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-10-02]
CHR Extension: (Contrast Theme for Gmail) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi [2015-01-31]
CHR Extension: (YouTube Flags) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc [2015-02-02]
CHR Extension: (gdbfnafnalfjconpgenohfidcaeibkoc) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2015-01-25]
CHR Extension: (Ultimate Guitar Chord Finder  Tuner) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi [2014-10-25]
CHR Extension: (My Movie Magnet) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljfflibaokjcndmchkfjalpjjblioc [2013-07-30]
CHR Extension: (GNotes Extension) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen [2015-02-02]
CHR Extension: (Financial Times News Feed) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo [2015-01-29]
CHR Extension: (cifFix) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad [2014-11-09]
CHR Extension: (WhoWorks At) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj [2014-11-09]
CHR Extension: (Object Browser) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2015-01-29]
CHR Extension: (PotatoSmile) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn [2015-01-29]
CHR Extension: (less2apaay) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh [2015-02-02]
CHR HKLM\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 59191eaf; c:\Program Files (x86)\SystemLift\SystemLift.dll [1637376 2015-02-02] () [File not signed]
R2 AISConnect; C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [32768 2009-01-26] () [File not signed]
R2 gsEyZbUfv; C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe [2726776 2014-11-09] (Time Lapse Solutions)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-04] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130126.002\IDSvia64.sys [513184 2012-12-02] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\ENG64.SYS [126192 2013-01-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\EX64.SYS [2087664 2013-01-23] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 01:47 - 2015-02-03 01:47 - 00000000 ____D () C:\Users\Iris\Desktop\FRST-OlderVersion
2015-02-03 00:22 - 2015-02-03 01:40 - 00000000 ____D () C:\AdwCleaner
2015-02-03 00:21 - 2015-02-03 00:18 - 02194432 _____ () C:\Users\Iris\Desktop\AdwCleaner_4.109.exe
2015-02-02 23:42 - 2015-02-02 23:47 - 00001270 _____ () C:\Users\Iris\Desktop\Revo Uninstaller.lnk
2015-02-02 23:42 - 2015-02-02 23:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-02 23:30 - 2015-02-02 23:30 - 00000000 ____D () C:\Program Files (x86)\YouTube Flags
2015-02-02 23:30 - 2015-02-02 23:30 - 00000000 ____D () C:\Program Files (x86)\ApppttoU
2015-02-02 23:09 - 2015-02-02 23:09 - 00000000 ____D () C:\Program Files (x86)\SystemLift
2015-02-02 23:08 - 2015-02-02 23:08 - 00000000 ____D () C:\ProgramData\3135297565
2015-02-02 23:05 - 2015-02-02 23:05 - 00001166 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 22:26 - 2015-02-02 22:26 - 00000000 ____D () C:\Program Files (x86)\GNotes Extension
2015-02-02 21:33 - 2015-02-02 21:33 - 00000687 _____ () C:\awh8B3E.tmp
2015-01-31 19:50 - 2015-01-31 19:53 - 00073799 _____ () C:\Users\Iris\Desktop\Addition.txt
2015-01-31 19:45 - 2015-02-03 01:49 - 00026964 _____ () C:\Users\Iris\Desktop\FRST.txt
2015-01-31 19:45 - 2015-02-03 01:48 - 00000000 ____D () C:\FRST
2015-01-31 19:43 - 2015-01-31 19:43 - 00000687 _____ () C:\awh9443.tmp
2015-01-31 16:01 - 2015-01-31 16:01 - 00000687 _____ () C:\awhFB6E.tmp
2015-01-31 13:42 - 2015-01-31 13:42 - 00000687 _____ () C:\awhE021.tmp
2015-01-31 13:26 - 2015-01-31 13:26 - 00000000 ____D () C:\Program Files (x86)\Contrast Theme for Gmail
2015-01-31 13:21 - 2015-01-31 13:21 - 00000687 _____ () C:\awh92BD.tmp
2015-01-30 00:44 - 2015-02-03 01:43 - 00001334 _____ () C:\Windows\Tasks\YZQRCM.job
2015-01-30 00:44 - 2015-01-30 00:44 - 01317848 _____ (home) C:\Users\Iris\AppData\Roaming\YZQRCM.exe
2015-01-30 00:44 - 2015-01-30 00:44 - 00004356 _____ () C:\Windows\System32\Tasks\YZQRCM
2015-01-30 00:43 - 2015-02-03 01:43 - 00001332 _____ () C:\Windows\Tasks\CNPQO.job
2015-01-30 00:43 - 2015-01-30 00:43 - 01941464 _____ (home) C:\Users\Iris\AppData\Roaming\CNPQO.exe
2015-01-30 00:43 - 2015-01-30 00:43 - 00004354 _____ () C:\Windows\System32\Tasks\CNPQO
2015-01-30 00:40 - 2015-02-03 01:47 - 02131456 _____ (Farbar) C:\Users\Iris\Desktop\FRST64.exe
2015-01-29 11:39 - 2015-01-29 11:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Iris\AppData\Roaming\YZQRCM
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Iris\AppData\Roaming\CNPQO
2015-01-24 15:01 - 2015-01-24 15:01 - 00613057 _____ (CMI Limited) C:\Users\Iris\AppData\Local\nshB9CA.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 01:46 - 2013-01-28 19:22 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Skype
2015-02-03 01:46 - 2012-11-05 19:10 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Spotify
2015-02-03 01:45 - 2013-01-29 00:06 - 00000000 ___RD () C:\Users\Iris\Dropbox
2015-02-03 01:45 - 2013-01-29 00:02 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Dropbox
2015-02-03 01:43 - 2012-08-25 12:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 01:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 01:42 - 2010-11-21 04:47 - 00217586 _____ () C:\Windows\PFRO.log
2015-02-03 01:42 - 2009-07-14 05:51 - 00105001 _____ () C:\Windows\setupact.log
2015-02-03 01:41 - 2009-07-14 05:45 - 00031536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 01:41 - 2009-07-14 05:45 - 00031536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 01:38 - 2012-08-25 12:36 - 01967151 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 01:35 - 2012-09-18 00:03 - 00000000 ____D () C:\Users\Iris\AppData\Local\CrashDumps
2015-02-03 01:33 - 2009-07-14 06:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 01:33 - 2009-07-14 05:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 00:25 - 2012-08-25 12:50 - 00000000 ____D () C:\Users\Iris
2015-02-03 00:22 - 2012-09-15 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 00:11 - 2012-08-25 12:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 00:06 - 2012-11-05 19:10 - 00000000 ____D () C:\Users\Iris\AppData\Local\Spotify
2015-02-02 23:06 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-02 23:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-02-02 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-02 22:42 - 2012-12-27 13:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-02 22:30 - 2014-10-25 19:41 - 00002102 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-02 22:30 - 2012-09-18 18:31 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 22:30 - 2012-09-15 11:29 - 00001154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 22:30 - 2012-08-25 12:59 - 00001411 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-02 22:30 - 2012-08-25 12:58 - 00001445 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 22:29 - 2012-09-18 18:31 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 22:09 - 2014-09-28 19:27 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-02 21:47 - 2013-07-26 23:47 - 00000092 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2015-02-02 21:37 - 2013-12-13 23:20 - 01788292 _____ () C:\Windows\IE11_main.log
2015-01-31 13:22 - 2012-09-15 11:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 13:22 - 2012-09-15 11:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 13:22 - 2012-09-15 11:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 23:55 - 2011-02-14 13:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 23:55 - 2011-02-14 13:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 23:55 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 12:24 - 2012-08-25 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu

==================== Files in the root of some directories =======

2014-11-09 20:30 - 2014-11-09 20:30 - 1528736 _____ (Object Browser) C:\Users\Iris\AppData\Roaming\BNH.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Iris\AppData\Roaming\CNPQO
2015-01-30 00:43 - 2015-01-30 00:43 - 1941464 _____ (home) C:\Users\Iris\AppData\Roaming\CNPQO.exe
2014-11-09 20:29 - 2014-11-09 20:29 - 2025376 _____ (Object Browser) C:\Users\Iris\AppData\Roaming\DCIEUTUC.exe
2013-07-26 23:47 - 2015-02-02 21:47 - 0000092 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2013-07-06 13:54 - 2013-07-06 13:54 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q3-TTL.DAT
2013-07-09 19:52 - 2013-07-09 19:52 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q4-TTL.DAT
2013-07-15 16:56 - 2014-01-03 00:55 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-26 12:47 - 2014-01-31 08:47 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-TTL.DAT
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Iris\AppData\Roaming\YZQRCM
2015-01-30 00:44 - 2015-01-30 00:44 - 1317848 _____ (home) C:\Users\Iris\AppData\Roaming\YZQRCM.exe
2013-07-30 23:50 - 2013-07-30 23:50 - 0081402 _____ () C:\Users\Iris\AppData\Local\MyMovieMagnet.crx
2015-01-24 15:01 - 2015-01-24 15:01 - 0613057 _____ (CMI Limited) C:\Users\Iris\AppData\Local\nshB9CA.tmp
2012-12-03 23:53 - 2012-12-04 01:00 - 95023320 ____T () C:\ProgramData\0tbpw.pad

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad


Some content of TEMP:
====================
C:\Users\Iris\AppData\Local\Temp\-6n1cbhk.dll
C:\Users\Iris\AppData\Local\Temp\03qkc-gb.dll
C:\Users\Iris\AppData\Local\Temp\07cldlkl.dll
C:\Users\Iris\AppData\Local\Temp\0swdgjy6.dll
C:\Users\Iris\AppData\Local\Temp\0x6ivzz5.dll
C:\Users\Iris\AppData\Local\Temp\11dneb0y.dll
C:\Users\Iris\AppData\Local\Temp\21whhhir.dll
C:\Users\Iris\AppData\Local\Temp\2cocrb7q.dll
C:\Users\Iris\AppData\Local\Temp\2url0plq.dll
C:\Users\Iris\AppData\Local\Temp\3xdc3hpq.dll
C:\Users\Iris\AppData\Local\Temp\5-_puzu5.dll
C:\Users\Iris\AppData\Local\Temp\556tjvy5.dll
C:\Users\Iris\AppData\Local\Temp\5bpr4in_.dll
C:\Users\Iris\AppData\Local\Temp\5m_sgxhp.dll
C:\Users\Iris\AppData\Local\Temp\6y1h0n1x.dll
C:\Users\Iris\AppData\Local\Temp\74cfrk-c.dll
C:\Users\Iris\AppData\Local\Temp\7an8hst5.dll
C:\Users\Iris\AppData\Local\Temp\7pi_td1f.dll
C:\Users\Iris\AppData\Local\Temp\9fdmxb43.dll
C:\Users\Iris\AppData\Local\Temp\9irqvnmy.dll
C:\Users\Iris\AppData\Local\Temp\adqwrsrs.dll
C:\Users\Iris\AppData\Local\Temp\aiwnfegh.dll
C:\Users\Iris\AppData\Local\Temp\bui26ifb.dll
C:\Users\Iris\AppData\Local\Temp\c-vq1wxp.dll
C:\Users\Iris\AppData\Local\Temp\c0jzfjtz.dll
C:\Users\Iris\AppData\Local\Temp\c5lfzoat.dll
C:\Users\Iris\AppData\Local\Temp\cgcxk_hm.dll
C:\Users\Iris\AppData\Local\Temp\cwmnjegy.dll
C:\Users\Iris\AppData\Local\Temp\d-ngveh8.dll
C:\Users\Iris\AppData\Local\Temp\dhspkfar.dll
C:\Users\Iris\AppData\Local\Temp\dj0nk8wx.dll
C:\Users\Iris\AppData\Local\Temp\dlLogic.exe
C:\Users\Iris\AppData\Local\Temp\dltr.exe
C:\Users\Iris\AppData\Local\Temp\dmcp90rb.dll
C:\Users\Iris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxz0cxk.dll
C:\Users\Iris\AppData\Local\Temp\dwgixoly.dll
C:\Users\Iris\AppData\Local\Temp\dx5ekkx6.dll
C:\Users\Iris\AppData\Local\Temp\e3qf0zeg.dll
C:\Users\Iris\AppData\Local\Temp\eawg2ady.dll
C:\Users\Iris\AppData\Local\Temp\efijtbof.dll
C:\Users\Iris\AppData\Local\Temp\eiohakec.dll
C:\Users\Iris\AppData\Local\Temp\eq9kcbxw.dll
C:\Users\Iris\AppData\Local\Temp\f92_h9kc.dll
C:\Users\Iris\AppData\Local\Temp\fcqlc_wc.dll
C:\Users\Iris\AppData\Local\Temp\fptl306g.dll
C:\Users\Iris\AppData\Local\Temp\fpvvql2b.dll
C:\Users\Iris\AppData\Local\Temp\g911db5f.dll
C:\Users\Iris\AppData\Local\Temp\GCVerifier.dll
C:\Users\Iris\AppData\Local\Temp\gzieybqx.dll
C:\Users\Iris\AppData\Local\Temp\hmlqiihl.dll
C:\Users\Iris\AppData\Local\Temp\hr0yvemd.dll
C:\Users\Iris\AppData\Local\Temp\hs-q5agx.dll
C:\Users\Iris\AppData\Local\Temp\hsg6ekj3.dll
C:\Users\Iris\AppData\Local\Temp\i2imjvu0.dll
C:\Users\Iris\AppData\Local\Temp\i7euamhk.dll
C:\Users\Iris\AppData\Local\Temp\i8h9-dun.dll
C:\Users\Iris\AppData\Local\Temp\igxvcxrh.dll
C:\Users\Iris\AppData\Local\Temp\in_mh9db.dll
C:\Users\Iris\AppData\Local\Temp\ip1djypd.dll
C:\Users\Iris\AppData\Local\Temp\iqb_rd2j.dll
C:\Users\Iris\AppData\Local\Temp\iwv4lfhw.dll
C:\Users\Iris\AppData\Local\Temp\j7dna38j.dll
C:\Users\Iris\AppData\Local\Temp\j8fk64wq.dll
C:\Users\Iris\AppData\Local\Temp\jahvks_7.dll
C:\Users\Iris\AppData\Local\Temp\jgamgvrw.dll
C:\Users\Iris\AppData\Local\Temp\jlgwb7jx.dll
C:\Users\Iris\AppData\Local\Temp\jorfwwfa.dll
C:\Users\Iris\AppData\Local\Temp\ju4a5a12.dll
C:\Users\Iris\AppData\Local\Temp\k01luaqt.dll
C:\Users\Iris\AppData\Local\Temp\k0arx0zi.dll
C:\Users\Iris\AppData\Local\Temp\k9-wx2ps.dll
C:\Users\Iris\AppData\Local\Temp\Launcher__10890.exe
C:\Users\Iris\AppData\Local\Temp\lbpj9ovs.dll
C:\Users\Iris\AppData\Local\Temp\lnrwahld.dll
C:\Users\Iris\AppData\Local\Temp\lwpogwzd.dll
C:\Users\Iris\AppData\Local\Temp\mekr08bg.dll
C:\Users\Iris\AppData\Local\Temp\miscdbok.dll
C:\Users\Iris\AppData\Local\Temp\mqvhjshp.dll
C:\Users\Iris\AppData\Local\Temp\n7kdafo6.dll
C:\Users\Iris\AppData\Local\Temp\nfvut6qw.dll
C:\Users\Iris\AppData\Local\Temp\npzjz1rj.dll
C:\Users\Iris\AppData\Local\Temp\onmpzyoq.dll
C:\Users\Iris\AppData\Local\Temp\oy5n2kvi.dll
C:\Users\Iris\AppData\Local\Temp\ozrkiwbw.dll
C:\Users\Iris\AppData\Local\Temp\pdo8l9i1.dll
C:\Users\Iris\AppData\Local\Temp\playsetup.exe
C:\Users\Iris\AppData\Local\Temp\pyi4ikwo.dll
C:\Users\Iris\AppData\Local\Temp\qna0wsbq.dll
C:\Users\Iris\AppData\Local\Temp\Quarantine.exe
C:\Users\Iris\AppData\Local\Temp\qvydik7m.dll
C:\Users\Iris\AppData\Local\Temp\qw6rvgiu.dll
C:\Users\Iris\AppData\Local\Temp\r7fnr7t6.dll
C:\Users\Iris\AppData\Local\Temp\rbtfieze.dll
C:\Users\Iris\AppData\Local\Temp\res.dll
C:\Users\Iris\AppData\Local\Temp\rfwuu1db.dll
C:\Users\Iris\AppData\Local\Temp\rprzekwv.dll
C:\Users\Iris\AppData\Local\Temp\rxd5yo-x.dll
C:\Users\Iris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Iris\AppData\Local\Temp\spx67wvi.dll
C:\Users\Iris\AppData\Local\Temp\sqlite3.dll
C:\Users\Iris\AppData\Local\Temp\srv3548.exe
C:\Users\Iris\AppData\Local\Temp\srv54959.exe
C:\Users\Iris\AppData\Local\Temp\stb2t2iq.dll
C:\Users\Iris\AppData\Local\Temp\swydwbbz.dll
C:\Users\Iris\AppData\Local\Temp\teoej_uz.dll
C:\Users\Iris\AppData\Local\Temp\tow0j2ak.dll
C:\Users\Iris\AppData\Local\Temp\tthslagj.dll
C:\Users\Iris\AppData\Local\Temp\tu17p84.exe
C:\Users\Iris\AppData\Local\Temp\uasmioqj.dll
C:\Users\Iris\AppData\Local\Temp\ub4fksxh.dll
C:\Users\Iris\AppData\Local\Temp\uckqaxzk.dll
C:\Users\Iris\AppData\Local\Temp\uninst1.exe
C:\Users\Iris\AppData\Local\Temp\uoakknmj.dll
C:\Users\Iris\AppData\Local\Temp\uonpebls.dll
C:\Users\Iris\AppData\Local\Temp\us3flluh.dll
C:\Users\Iris\AppData\Local\Temp\u_6pembq.dll
C:\Users\Iris\AppData\Local\Temp\verifier.exe
C:\Users\Iris\AppData\Local\Temp\vkrnz-kt.dll
C:\Users\Iris\AppData\Local\Temp\vymak21d.dll
C:\Users\Iris\AppData\Local\Temp\w3roc5_t.dll
C:\Users\Iris\AppData\Local\Temp\w4586vnl.dll
C:\Users\Iris\AppData\Local\Temp\w9f3a4lg.dll
C:\Users\Iris\AppData\Local\Temp\wcwlalyz.dll
C:\Users\Iris\AppData\Local\Temp\wf0hif6f.dll
C:\Users\Iris\AppData\Local\Temp\wnt6np1w.dll
C:\Users\Iris\AppData\Local\Temp\ww_y7af6.dll
C:\Users\Iris\AppData\Local\Temp\x2iew6z1.dll
C:\Users\Iris\AppData\Local\Temp\x_qoettx.dll
C:\Users\Iris\AppData\Local\Temp\y9aod3tn.dll
C:\Users\Iris\AppData\Local\Temp\yotos9xb.dll
C:\Users\Iris\AppData\Local\Temp\_kmvkega.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-26 00:21

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

...und hier Addition - Editor:

bin gespannt auf den Stand der Dinge Man hat schon gemerkt wie sehr es meinem Laptop gut getan hat, als ich all die von dir aufgezählten Programme deinstalliert habe


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Iris at 2015-02-03 01:50:16
Running from C:\Users\Iris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApppttoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - ApptoU) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Contrast Theme for Gmail (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - "")
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
Dropbox (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free Studio version 5.7.3.917 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.3.917 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.33.1005 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.33.1005 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GNotes Extension (HKLM-x32\...\{7BCAC0EB-3993-2416-0531-848C39DF8B65}) (Version:  - "")
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5FE78439-7CAA-45FE-A808-2D7A0FC98643}) (Version: 11.0.2.25 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Qtrax Connection Manager (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Qtrax Connection Manager) (Version: 20.13.07.02 - Qtrax Inc)
Qtrax Player (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\2826921322.portal.qtrax.com) (Version:  - portal.qtrax.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-11-2014 20:34:41 Windows Update
09-11-2014 23:31:23 Windows Update
21-11-2014 14:25:50 Windows Update
31-12-2014 14:43:04 Windows Update
31-12-2014 14:47:39 Windows Modules Installer
24-01-2015 11:23:44 Windows Update
24-01-2015 11:31:26 Windows Update
25-01-2015 03:12:53 Windows Update
29-01-2015 11:46:43 Windows Update
30-01-2015 00:01:27 Windows Update
31-01-2015 13:23:08 Windows Update
31-01-2015 13:23:08 Windows Update
31-01-2015 14:01:51 Windows Update
02-02-2015 21:32:03 Windows Update
02-02-2015 21:32:03 Windows Update
02-02-2015 21:33:31 Removed Delta Chrome Toolbar
02-02-2015 21:46:28 Removed eBay
02-02-2015 23:42:54 Revo Uninstaller's restore point - DiscountLOcator
02-02-2015 23:47:08 Revo Uninstaller's restore point - DiscountLOcator
02-02-2015 23:48:48 Revo Uninstaller's restore point - Financial Times News Feed
02-02-2015 23:50:14 Revo Uninstaller's restore point - DiscountLOcator
02-02-2015 23:51:57 Revo Uninstaller's restore point - PotatoSmile
02-02-2015 23:54:12 Revo Uninstaller's restore point - SalesChhecker
02-02-2015 23:56:31 Revo Uninstaller's restore point - Web Protect for Windows

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E6AA818-5BFA-4F03-883C-5FCF6A91EC65} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {16596EF7-542F-4431-8704-1D5491B94CE0} - System32\Tasks\YZQRCM => C:\Users\Iris\AppData\Roaming\YZQRCM.exe [2015-01-30] (home) <==== ATTENTION
Task: {22F4B317-F90F-4D45-8E49-D1EFA17725F7} - System32\Tasks\CNPQO => C:\Users\Iris\AppData\Roaming\CNPQO.exe [2015-01-30] (home) <==== ATTENTION
Task: {3D61946B-23BE-42F2-A9DE-54450EA48419} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {450A4E0B-A288-4CCC-9D6C-BFCB50FA2186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {519F2A36-5F5A-4795-B03F-0A7202F5EFB5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {60DFF8E0-C4B6-488B-8031-28526C9F4C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {8C87204A-94CC-43A4-99FD-E026397614C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC27A4D8-5960-45B0-95B0-AB399C32C614} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {D3C5021A-A9F3-4B70-B947-A3A28029454C} - System32\Tasks\Fujitsu\DeskUpdateRetry => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {E044AD13-0F00-42E1-ADC0-B9BCE2CB5970} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {E57DCCFA-155A-4510-909B-EE72BC0A842C} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {FE922BD5-19C5-4753-B863-65E979E82ECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CNPQO.job => C:\Users\Iris\AppData\Roaming\CNPQO.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\YZQRCM.job => C:\Users\Iris\AppData\Roaming\YZQRCM.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-01-26 16:49 - 2009-01-26 16:49 - 00032768 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\schedutils.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cutils.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00025088 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\osal.dll
2009-01-26 16:49 - 2009-01-26 16:49 - 00229376 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\serviceagent.dll
2009-01-26 16:46 - 2009-01-26 16:46 - 00204800 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\messaging.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00017920 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cmessaging.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00009216 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\threadpool.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\utils.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00011264 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cuxml.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\transports.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00208896 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\ssl.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00876544 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\crypto.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00077824 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\expat.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00081920 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\registration.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00090112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\remoteaccess.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\scheduler.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\pollingserver.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00045056 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\acm.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00021504 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\httpbroker.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00086016 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\monitormanager.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\filetransfer.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00013312 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\urischeme.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00155648 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\filerepository.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\md5c.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00258048 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\swupdate.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\commoncfg.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00045056 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\usagejob.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\sslinit.dll
2009-01-15 14:50 - 2009-01-15 14:50 - 00017408 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\c2sLogger.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00043008 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\httpServerConnDS.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00012288 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\sctunnel.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00017408 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\ttunnel.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\totalaccess.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00010240 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaversions.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\stdinstallers.dll
2009-03-25 10:23 - 2009-03-25 10:23 - 00029184 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\exectaDS.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00026112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winwmids.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00009728 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\pstoreds.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winsysinfods.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winvmstatds.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00025600 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winfsinfods.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00026112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cmdds.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00006656 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\uadfw.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00016896 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\stdrules.dll
2008-10-14 12:38 - 2008-10-14 12:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\rulelib.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-03 01:44 - 2015-02-03 01:44 - 00043008 _____ () c:\users\iris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxz0cxk.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3450306727-158836411-271950113-500 - Administrator - Disabled)
Gast (S-1-5-21-3450306727-158836411-271950113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450306727-158836411-271950113-1002 - Limited - Enabled)
Iris (S-1-5-21-3450306727-158836411-271950113-1001 - Administrator - Enabled) => C:\Users\Iris

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 01:44:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:35:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Name des fehlerhaften Moduls: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Ausnahmecode: 0x40000015
Fehleroffset: 0x00c079fe
ID des fehlerhaften Prozesses: 0x8b8
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3

Error: (02/03/2015 01:34:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:33:36 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:29:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Name des fehlerhaften Moduls: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Ausnahmecode: 0x40000015
Fehleroffset: 0x00c079fe
ID des fehlerhaften Prozesses: 0x968
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3

Error: (02/03/2015 01:26:25 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:16:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0x0000046b
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (02/03/2015 01:14:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:11:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Name des fehlerhaften Moduls: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Ausnahmecode: 0x40000015
Fehleroffset: 0x00c079fe
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3


System errors:
=============
Error: (02/03/2015 01:46:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/03/2015 01:46:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth-Unterstützungsdienst erreicht.

Error: (02/03/2015 01:41:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1.

Error: (02/03/2015 01:38:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147014790

Error: (02/03/2015 01:37:33 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014790.

Error: (02/03/2015 01:37:33 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.

Error: (02/03/2015 01:36:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%10106

Error: (02/03/2015 01:36:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%10106

Error: (02/03/2015 01:36:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%10106

Error: (02/03/2015 01:36:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%10106


Microsoft Office Sessions:
=========================
Error: (02/03/2015 01:44:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:35:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd92154000001500c079fe8b801d03f4922a495c9C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe84580c85-ab3c-11e4-a552-e0ca94beb0f6

Error: (02/03/2015 01:34:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:33:36 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:29:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd92154000001500c079fe96801d03f4822dbdde5C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe8329e853-ab3b-11e4-a585-e0ca94beb0f6

Error: (02/03/2015 01:26:25 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:16:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.184095315a05a0000046b000000000000940d80c01d03f466b5d5c6eC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dllde5720bc-ab39-11e4-8bab-e0ca94beb0f6

Error: (02/03/2015 01:14:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:11:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd92154000001500c079fe80c01d03f45e4bd248dC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe43c2dc0c-ab39-11e4-8bab-e0ca94beb0f6


CodeIntegrity Errors:
===================================
  Date: 2015-02-02 22:12:58.659
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:12:58.481
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:04:36.712
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:04:36.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:34:28.489
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:34:28.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:26:56.727
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:26:56.555
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:21:04.741
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:21:04.507
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 46%
Total physical RAM: 3892.55 MB
Available physical RAM: 2063.75 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5838.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:185.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (USB DISK) (Removable) (Total:3.73 GB) (Free:2.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F424250E)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 04.02.2015, 00:13   #9
Bootsektor
/// TB-Ausbilder
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Iris,

Zitat:
bin gespannt auf den Stand der Dinge Man hat schon gemerkt wie sehr es meinem Laptop gut getan hat, als ich all die von dir aufgezählten Programme deinstalliert habe
Der Stand der Dinge ist, dass wir noch etwas Arbeit vor uns haben.
Bitte ändere alle deine Passwörter von einem sauberen Rechner aus! Und arbeite bitte weiterhin mit.

Kannst du FRST eigentlich wieder normal von deinem Rechner aus benutzen?

Schritt 1
Bitte poste mir auch noch:


AdwCleaner[S0].txt - [44816 octets] - [03/02/2015 00:25:34]
AdwCleaner[S1].txt - [1849 octets] - [03/02/2015 01:17:51


Diese befinden sich in folgendem Verzeichnis
C:\AdwCleaner\

Schritt 2
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    ATTFilter
    c:\Program Files (x86)\SystemLift\SystemLift.dll
             
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.
Wiederhole die selben Schritte mit folgenden Dateien:
Code:
ATTFilter
C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe
C:\Users\Iris\AppData\Local\Temp\in_mh9db.dll
         


Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 4
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Alt 24.02.2015, 01:05   #10
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Ich bin wieder da

Schritt 1:
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 00:25:34
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Iris - IRIS-PC
# Gestartet von : C:\Users\Iris\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : MyOSProtect
[#] Dienst Gelöscht : ProtectMonitor
Dienst Gelöscht : Scores
Dienst Gelöscht : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\OnlineLowDeals
Ordner Gelöscht : C:\ProgramData\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\CheapCoupon
Ordner Gelöscht : C:\ProgramData\deaaL4real
Ordner Gelöscht : C:\ProgramData\less2Peayu
Ordner Gelöscht : C:\ProgramData\PriceDownloader
Ordner Gelöscht : C:\ProgramData\SalesChecker
Ordner Gelöscht : C:\ProgramData\ShopperMaster
Ordner Gelöscht : C:\ProgramData\7fee0af45c734d07
Ordner Gelöscht : C:\ProgramData\9218317531913342215
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\WebEnhance
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\SaverAddon
Ordner Gelöscht : C:\Program Files (x86)\less2Peayu
Ordner Gelöscht : C:\Program Files (x86)\PriceDownloader
Ordner Gelöscht : C:\Program Files (x86)\ShopperMaster
Ordner Gelöscht : C:\Program Files (x86)\BetterPRicEEChec
Ordner Gelöscht : C:\Program Files (x86)\ExtraSihopoperu
Ordner Gelöscht : C:\Program Files (x86)\less2apaay
Ordner Gelöscht : C:\Program Files (x86)\LuckyiShOppera
Ordner Gelöscht : C:\Program Files (x86)\ROyalCCouppon
Ordner Gelöscht : C:\Program Files (x86)\RoYalCouupon
Ordner Gelöscht : C:\Program Files (x86)\savingitOYouu
Ordner Gelöscht : C:\Program Files (x86)\SmmartCompare
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Iris\Qtrax
Ordner Gelöscht : C:\Users\Iris\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Iris\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Iris\AppData\Local\playnowradio
Ordner Gelöscht : C:\Users\Iris\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Iris\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\Iris\AppData\Local\ZombieInvasion
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Genesis_09281823
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Genesis_09281825
Ordner Gelöscht : C:\Users\Iris\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\ASP
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\4e09pvdy.default-1381074144463\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\a4uB@dP.edu
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\BXzm@R.com
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\DOAs@D.edu
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\mM@GPCbN35.net
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\nL@Eak.com
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\rZP@H.edu
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\U@inl.edu
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\Wy@PcOHg6F21.com
Ordner Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\Y91x2u@rXO.com
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Ordner Gelöscht : C:\ProgramData\lofihbppcacmfhnckemcphfagebhaogg
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh
Datei Gelöscht : C:\END
Datei Gelöscht : C:\monitor.exe
Datei Gelöscht : C:\monitorsvc.exe
Datei Gelöscht : C:\Users\Iris\Favorites\eBay.lnk
Datei Gelöscht : C:\Windows\score.exe
Datei Gelöscht : C:\Windows\SysWOW64\installd.exe
Datei Gelöscht : C:\Windows\SysWOW64\MyOSProtect.dll
Datei Gelöscht : C:\Windows\SysWOW64\MyOSProtect.ini
Datei Gelöscht : C:\Windows\SysWOW64\MyOSProtectOff.ini
Datei Gelöscht : C:\Users\Iris\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Windows\System32\MyOSProtect64.dll
Datei Gelöscht : C:\Windows\System32\MyOSProtectOff.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Iris\AppData\Local\BargainWorkbench.crx
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
Datei Gelöscht : C:\Users\Iris\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\Iris\Desktop\Qtrax Player.lnk
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\2f7msf6n.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\4e09pvdy.default-1381074144463\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\4e09pvdy.default-1381074144463\bprotector_prefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\4e09pvdy.default-1381074144463\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.triple-search.com_0.localstorage
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.triple-search.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage
Datei Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : DSite
Task Gelöscht : LaunchSignup
Task Gelöscht : YTDownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{38e9e285-5266-4fe2-b5b5-c14c29b0cd45}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gebcpofjimbbchggpnfcaiieolloeodp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gebcpofjimbbchggpnfcaiieolloeodp
Schlüssel Gelöscht : HKLM64\SOFTWARE\Google\Chrome\Extensions\gebcpofjimbbchggpnfcaiieolloeodp
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Schlüssel Gelöscht : HKLM64\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [qtraxnotification]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P0243c6aa_9c63_478b_8ebe_36959530e8c5_.P0243c6aa_9c63_478b_8ebe_36959530e8c5_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P0243c6aa_9c63_478b_8ebe_36959530e8c5_.P0243c6aa_9c63_478b_8ebe_36959530e8c5_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P150023d7_264b_42cb_a367_d0656604a759_.P150023d7_264b_42cb_a367_d0656604a759_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P150023d7_264b_42cb_a367_d0656604a759_.P150023d7_264b_42cb_a367_d0656604a759_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P234a6ea0_0ba8_459d_a8f3_d107e3aef29b_.P234a6ea0_0ba8_459d_a8f3_d107e3aef29b_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P234a6ea0_0ba8_459d_a8f3_d107e3aef29b_.P234a6ea0_0ba8_459d_a8f3_d107e3aef29b_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pa36936ba_c2f9_48e2_9394_2e3ae579431c_.Pa36936ba_c2f9_48e2_9394_2e3ae579431c_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pa36936ba_c2f9_48e2_9394_2e3ae579431c_.Pa36936ba_c2f9_48e2_9394_2e3ae579431c_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pd09d5824_6f73_44fa_9ff7_96761222ac5c_.Pd09d5824_6f73_44fa_9ff7_96761222ac5c_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pd09d5824_6f73_44fa_9ff7_96761222ac5c_.Pd09d5824_6f73_44fa_9ff7_96761222ac5c_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pd142d4db_11ad_4ec8_9c2a_386d3676fd32_.Pd142d4db_11ad_4ec8_9c2a_386d3676fd32_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pd142d4db_11ad_4ec8_9c2a_386d3676fd32_.Pd142d4db_11ad_4ec8_9c2a_386d3676fd32_.9
Schlüssel Gelöscht : HKCU\Software\52ede8cb33ebf42
Schlüssel Gelöscht : HKLM\SOFTWARE\52ede8cb33ebf42
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{59191eaf}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0243c6aa-9c63-478b-8ebe-36959530e8c5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{150023d7-264b-42cb-a367-d0656604a759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2ab04d8f-df1b-404c-bac7-d568a752b99e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{74be7230-d366-4041-9467-294dbd6295f9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{a36936ba-c2f9-48e2-9394-2e3ae579431c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{d09d5824-6f73-44fa-9ff7-96761222ac5c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{d142d4db-11ad-4ec8-9c2a-386d3676fd32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d09d5824-6f73-44fa-9ff7-96761222ac5c}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{398C01F1-E584-46AD-A649-4F78B435DCFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0243c6aa-9c63-478b-8ebe-36959530e8c5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{150023d7-264b-42cb-a367-d0656604a759}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ab04d8f-df1b-404c-bac7-d568a752b99e}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74be7230-d366-4041-9467-294dbd6295f9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d142d4db-11ad-4ec8-9c2a-386d3676fd32}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{398C01F1-E584-46AD-A649-4F78B435DCFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0243c6aa-9c63-478b-8ebe-36959530e8c5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{150023d7-264b-42cb-a367-d0656604a759}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ab04d8f-df1b-404c-bac7-d568a752b99e}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74be7230-d366-4041-9467-294dbd6295f9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d142d4db-11ad-4ec8-9c2a-386d3676fd32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0243c6aa-9c63-478b-8ebe-36959530e8c5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{150023d7-264b-42cb-a367-d0656604a759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2ab04d8f-df1b-404c-bac7-d568a752b99e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{74be7230-d366-4041-9467-294dbd6295f9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a36936ba-c2f9-48e2-9394-2e3ae579431c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d09d5824-6f73-44fa-9ff7-96761222ac5c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d142d4db-11ad-4ec8-9c2a-386d3676fd32}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{0243c6aa-9c63-478b-8ebe-36959530e8c5}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{150023d7-264b-42cb-a367-d0656604a759}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{2ab04d8f-df1b-404c-bac7-d568a752b99e}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{74be7230-d366-4041-9467-294dbd6295f9}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{a36936ba-c2f9-48e2-9394-2e3ae579431c}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{d09d5824-6f73-44fa-9ff7-96761222ac5c}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{d142d4db-11ad-4ec8-9c2a-386d3676fd32}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{234a6ea0-0ba8-459d-a8f3-d107e3aef29b}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6ae42d8-ab05-42e1-a694-40c28454de55}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d09d5824-6f73-44fa-9ff7-96761222ac5c}
Wert Gelöscht : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\WebEnhance
Schlüssel Gelöscht : HKCU\Software\PCTRunner
Schlüssel Gelöscht : HKCU\Software\StormWatch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsFinder
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\delta-homesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\PCDRunner
Schlüssel Gelöscht : HKLM\SOFTWARE\PCTRunner
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FA77785-00C3-A920-6452-D4FE5C9C129F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2616871-3463-BCEE-5AFA-73773317A381}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}
Schlüssel Gelöscht : HKLM64\SOFTWARE\ShopperPro
Schlüssel Gelöscht : HKLM64\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM64\SOFTWARE\YTDownloader
Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)

[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi");
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi");
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/corse/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=70&CUI=&SSPV=&Lay=LAY_ID&UM=2&UP=SP[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.1UIG65AmewlebVqZ.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.6Xd04IAbEmejMkK1.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22a[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22op[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A838651%2C%22ver%22%3A1%2C%22status%22%3A1%2C%22name%22%3A%2[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838660.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20t%3Dnew%20RegExp[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "148dfe4e2c85c581a3f7c8eb4c1297ee");
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.ohBxsLVFG18FIRgJ.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[26b5hbxq.default-1412446074992\prefs.js] - Zeile gelöscht : user_pref("extensions.ohBxsLVFG18FIRgJ.url", "hxxp://transferbox.info/sync2/?q=hfZ9ojVVWePKtNbPhd9FtMqLDe49CNU0mwkMCMlNhd9FqjaGrdsGrjwHrHgMBzqUojw8rdsErTsFrHnEqSh7hfs0pihPBMn0rjs8rjaEpdC7rjkHpdkGrdCGr[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=980e72c3000000000000e0ca94beb0f6");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=980e72c3000000000000e0ca94beb0f6");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://tikotin.com");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=980e72c3000000000000e0ca94beb0f6");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false);
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.bbDpng", "6");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "A731EDACB0CB7573B27054347BCDCC99");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "980e72c3000000000000e0ca94beb0f6");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15753");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.10.022:33:40");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false);
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "azb");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.022:33:40");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40delta.com:1.5.0,plugin%40yontoo.com:1.20.02,%7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26,toolbar%40gmx.net:2.7.1,%7B972ce4c6-7e08-4474-a285-3208198c[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "6447");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^http\\\\:\\/\\/www\\\\.google\\\\..{2,3}(\\\\\\/ig\\\\\\/firefox)\",\"[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.amazon_product.priam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.amazon_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';win[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.ebay_product.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';w[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.ebay_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.tripadvisor.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wi[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1379505012754 - onFlagInfoReceived - Server mapping version: 0.21087\n1379505012755 - onFlagInfoReceived - Server mapping version (client-side): 0.21087\n13795[...]
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.unique_id", "6342BC9327B03F7CEB37C5ED26F3A94C");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");
[2f7msf6n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.website_version", "1.00275.0");
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://tikotin.com");
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "148bd85b9d00d03844a583c30265f878");
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[4e09pvdy.default-1381074144463\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[r0nvpq6j.default-1381074062671\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://tikotin.com");

-\\ Google Chrome v37.0.2062.124

[C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M3F2EFB8E-8652-43E1-A5AD-2A1CE869AE5B&SearchSource=58&CUI=&UM=2&UP=SP148E3FF6-F5F7-42C6-AF12-DBEEA8245E4B&q={searchTerms}&SSPV=
[C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1420036292&from=wpm12233&uid=ST9500325AS_S2WFP9Z5XXXXS2WFP9Z5&q={searchTerms}
         
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 01:17:51
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.3 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Iris - IRIS-PC
# Gestartet von : C:\Users\Iris\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gelöscht : C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Datei Gelöscht : C:\monitor.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v37.0.2062.124
         
ja, ich habe FRST auf meinem Laptop gespeichert und kann es direkt von hier nutzen.

...Leider dauert Schritt 2 ewig lang, ich hab das wohl unterschätzt.. Werde mir in den nächsten Tagen mal einige Stunden Zeit nehmen und die Schritte nebenbei abarbeiten. Freue mich auf den Tag an dem ich meinen Laptop wieder normal gebrauchen kann.. Schönen "Abend"/Nacht dir noch

Alt 24.02.2015, 10:51   #11
Bootsektor
/// TB-Ausbilder
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Iris,

klasse, dass du dich wieder gemeldet hast. Ich warte dann auf die restlichen Schritte.

Alt 02.03.2015, 13:51   #12
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Schritt 2:

https://www.virustotal.com/de/file/429aded3fdbbdf45af7b5a71cfaa9f5402426f885b298f4f2779d49a6186e7c9/analysis/1425300919/

https://www.virustotal.com/de/file/1f4d1db98e8f10c5cd7e2878cf253d6bb344c6d59bf35f310874aa6f57770315/analysis/1425301232/

https://www.virustotal.com/de/file/2a05ee993bc78d11fc63ef8d418e2fc5e9131537b51439248fc83f6d2b7c8429/analysis/1425301356/

Schritt 3:

Code:
ATTFilter
ComboFix 15-03-01.01 - Iris 02.03.2015  14:24:54.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3893.1865 [GMT 1:00]
ausgeführt von:: c:\users\Iris\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ApppttoU
c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.dat
c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.dll
c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.exe
c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.tlb
c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.x64.dll
c:\programdata\0tbpw.pad
c:\programdata\3135297565
c:\programdata\3135297565\BIT1C3A.tmp
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik\146\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik\146\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik\146\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik\146\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcdbaimlghobbjcnedilbjalppkblik\146\Rfi.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi\155\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi\155\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi\155\G3syVjiKgn.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi\155\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi\155\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\120\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\120\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\120\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\120\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeammepjjllhpcfnkohocddkmdejjebc\120\vqvO4ZThb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi\144\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi\144\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi\144\itR7.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi\144\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\heaonkngmjjglodfnhecekakddbggmhi\144\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen\124\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen\124\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen\124\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen\124\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpclaojcopihmplcfnmgfkllldpajen\124\RN.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo\168\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo\168\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo\168\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo\168\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbgmjbblkefbdmndheohoboafbagffo\168\OL6CwLMPU.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad\165\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad\165\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad\165\JiRrIj.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad\165\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclfgmgojdnckljehaliiiolimmhmoad\165\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj\174\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj\174\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj\174\kS5.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj\174\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj\174\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn\106\background.html
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn\106\content.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn\106\lsdb.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn\106\manifest.json
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn\106\Ps1Hkp.js
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_heaonkngmjjglodfnhecekakddbggmhi_0.localstorage-journal
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_heaonkngmjjglodfnhecekakddbggmhi_0.localstorage
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\users\Iris\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Iris\AppData\Local\nshB9CA.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-02 bis 2015-03-02  ))))))))))))))))))))))))))))))
.
.
2015-03-02 13:37 . 2015-03-02 13:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-02 12:48 . 2015-03-02 12:50	--------	d-----w-	c:\users\Iris\AppData\Local\ZombieInvasion
2015-02-02 23:22 . 2015-02-03 00:40	--------	d-----w-	C:\AdwCleaner
2015-02-02 22:42 . 2015-02-02 22:47	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-02-02 22:30 . 2015-02-02 22:30	--------	d-----w-	c:\program files (x86)\YouTube Flags
2015-02-02 22:09 . 2015-02-02 22:09	--------	d-----w-	c:\program files (x86)\SystemLift
2015-02-02 21:26 . 2015-02-02 21:26	--------	d-----w-	c:\program files (x86)\GNotes Extension
2015-02-02 20:33 . 2015-02-02 20:33	687	----a-w-	C:\awh8B3E.tmp
2015-01-31 18:45 . 2015-02-03 00:50	--------	d-----w-	C:\FRST
2015-01-31 18:43 . 2015-01-31 18:43	687	----a-w-	C:\awh9443.tmp
2015-01-31 15:01 . 2015-01-31 15:01	687	----a-w-	C:\awhFB6E.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 00:22 . 2012-09-15 10:26	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-24 00:22 . 2012-09-15 10:26	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-31 12:42 . 2015-01-31 12:42	687	----a-w-	C:\awhE021.tmp
2015-01-31 12:21 . 2015-01-31 12:21	687	----a-w-	C:\awh92BD.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Iris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-24 1676344]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-25 39408]
"Spotify"="c:\users\Iris\AppData\Roaming\Spotify\spotify.exe" [2015-01-24 6737976]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]
"AIS_MessageForYou"="c:\program files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe" [2010-03-18 1965056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-07-22 162856]
.
c:\users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 59191eaf;SystemLift;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AISConnect;AIS Connect Agent;c:\program files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe;c:\program files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gsEyZbUfv;gsEyZbUfv;c:\programdata\EiTVjiBBmwA\gsEyZbUfv.exe;c:\programdata\EiTVjiBBmwA\gsEyZbUfv.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130126.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130126.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 19:12	1096520	----a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 00:22]
.
2015-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 11:41]
.
2015-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-24 6310912]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Iris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Iris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\
FF - prefs.js: keyword.URL - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{966aaa80-04b5-425e-bf92-1210e8b20af0} - c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Play Now Radio - c:\users\Iris\AppData\Local\playnowradio\playnowradio\1.3.19.3\playnowradio.exe
Wow6432Node-HKLM-Run-mbot_de_107 - (no file)
Wow6432Node-HKLM-Run-gmsd_de_138 - (no file)
Wow6432Node-HKLM-Run-mbot_de_472 - (no file)
BHO-{966aaa80-04b5-425e-bf92-1210e8b20af0} - c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.x64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{01B91C29-337A-1FFD-7CFC-473451D2F861} - c:\program files (x86)\ApppttoU\ik6sagbY2Ht8i6.exe
AddRemove-2826921322.portal.qtrax.com - c:\program files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe
AddRemove-Qtrax Connection Manager - c:\users\Iris\Qtrax\Player\uninstallnotification.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-02  14:43:55
ComboFix-quarantined-files.txt  2015-03-02 13:43
.
Vor Suchlauf: 14 Verzeichnis(se), 199.529.263.104 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 201.644.597.248 Bytes frei
.
- - End Of File - - FC05E98ED07406DEDF5EE04498FB59CA
         
Schritt 4:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Iris (administrator) on IRIS-PC on 02-03-2015 14:47:14
Running from C:\Users\Iris\Desktop
Loaded Profiles: Iris (Available profiles: Iris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoUpdateCheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [AIS_MessageForYou] => C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe [1965056 2010-03-18] (Fujitsu)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify Web Helper] => C:\Users\Iris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-24] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-25] (Google Inc.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify] => C:\Users\Iris\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-24] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49461;https=127.0.0.1:49461
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> {C612C47D-1465-4C0C-9B8D-E6A12DE7A613} URL = hxxp://www.bing.com/search?q={searchTerms}&r=711
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ApppttoU -> {966aaa80-04b5-425e-bf92-1210e8b20af0} -> C:\Program Files (x86)\ApppttoU\ik6sagbY2Ht8i6.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3450306727-158836411-271950113-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\trovi.xml
FF Extension: CinPlus-2.4c - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2015-03-02]
FF Extension: compatibilityaddonsmozillaorg - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\compatibility@addons.mozilla.org [2015-01-29]
FF Extension: Security Protection - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com [2014-12-31]
FF Extension: iWebar1.1 - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com [2015-03-02]
FF Extension: youtubeit_aechiaragmailcom - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2015-03-02]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (bpconcjcammlapcogcnnelfmaeghhagj) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-10-02]
CHR Extension: (clikkblliffbbkffahjehcdeknmedelg) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg [2015-02-24]
CHR Extension: (gdbfnafnalfjconpgenohfidcaeibkoc) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2015-01-25]
CHR Extension: (My Movie Magnet) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljfflibaokjcndmchkfjalpjjblioc [2013-07-30]
CHR Extension: (Object Browser) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2015-01-29]
CHR Extension: (No Name) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh [2015-02-02]
CHR HKLM\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 59191eaf; c:\Program Files (x86)\SystemLift\SystemLift.dll [1637376 2015-02-02] () [File not signed]
S2 AISConnect; C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [32768 2009-01-26] () [File not signed]
S2 gsEyZbUfv; C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe [2726776 2014-11-09] (Time Lapse Solutions)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-04] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130126.002\IDSvia64.sys [513184 2012-12-02] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\ENG64.SYS [126192 2013-01-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\EX64.SYS [2087664 2013-01-23] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 14:43 - 2015-03-02 14:43 - 00031174 _____ () C:\ComboFix.txt
2015-03-02 14:22 - 2015-03-02 14:43 - 00000000 ____D () C:\Qoobox
2015-03-02 14:22 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-02 14:22 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-02 14:22 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-02 14:22 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-02 14:22 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-02 14:22 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-02 14:22 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-02 14:22 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-02 14:21 - 2015-03-02 14:40 - 00000000 ____D () C:\Windows\erdnt
2015-03-02 14:20 - 2015-03-02 14:20 - 00000081 _____ () C:\Users\Iris\AppData\Roaming\mbam.context.scan
2015-03-02 14:04 - 2015-03-02 14:04 - 05612482 ____R (Swearware) C:\Users\Iris\Desktop\ComboFix.exe
2015-03-02 13:48 - 2015-03-02 13:50 - 00000000 ____D () C:\Users\Iris\AppData\Local\ZombieInvasion
2015-02-03 01:47 - 2015-03-02 14:47 - 00000000 ____D () C:\Users\Iris\Desktop\FRST-OlderVersion
2015-02-03 00:22 - 2015-02-03 01:40 - 00000000 ____D () C:\AdwCleaner
2015-02-03 00:21 - 2015-02-03 00:18 - 02194432 _____ () C:\Users\Iris\Desktop\AdwCleaner_4.109.exe
2015-02-02 23:42 - 2015-02-02 23:47 - 00001270 _____ () C:\Users\Iris\Desktop\Revo Uninstaller.lnk
2015-02-02 23:42 - 2015-02-02 23:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-02 23:30 - 2015-02-02 23:30 - 00000000 ____D () C:\Program Files (x86)\YouTube Flags
2015-02-02 23:09 - 2015-02-02 23:09 - 00000000 ____D () C:\Program Files (x86)\SystemLift
2015-02-02 23:05 - 2015-02-02 23:05 - 00001166 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 22:26 - 2015-02-02 22:26 - 00000000 ____D () C:\Program Files (x86)\GNotes Extension
2015-02-02 21:33 - 2015-02-02 21:33 - 00000687 _____ () C:\awh8B3E.tmp
2015-01-31 19:50 - 2015-02-03 01:50 - 00038542 _____ () C:\Users\Iris\Desktop\Addition.txt
2015-01-31 19:45 - 2015-03-02 14:47 - 00023516 _____ () C:\Users\Iris\Desktop\FRST.txt
2015-01-31 19:45 - 2015-03-02 14:47 - 00000000 ____D () C:\FRST
2015-01-31 19:43 - 2015-01-31 19:43 - 00000687 _____ () C:\awh9443.tmp
2015-01-31 16:01 - 2015-01-31 16:01 - 00000687 _____ () C:\awhFB6E.tmp
2015-01-31 13:42 - 2015-01-31 13:42 - 00000687 _____ () C:\awhE021.tmp
2015-01-31 13:26 - 2015-01-31 13:26 - 00000000 ____D () C:\Program Files (x86)\Contrast Theme for Gmail
2015-01-31 13:21 - 2015-01-31 13:21 - 00000687 _____ () C:\awh92BD.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 14:47 - 2015-01-30 00:40 - 02092544 _____ (Farbar) C:\Users\Iris\Desktop\FRST64.exe
2015-03-02 14:43 - 2012-08-25 12:47 - 00000000 ____D () C:\Users\TxR
2015-03-02 14:43 - 2012-08-25 12:47 - 00000000 ____D () C:\Users\systemprofile
2015-03-02 14:43 - 2012-08-25 12:47 - 00000000 ____D () C:\Users\RegBack
2015-03-02 14:43 - 2012-08-25 12:47 - 00000000 ____D () C:\Users\Journal
2015-03-02 14:43 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-02 14:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-02 14:25 - 2012-08-25 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2015-03-02 14:22 - 2012-09-15 11:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 14:11 - 2012-08-25 12:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 14:03 - 2012-08-25 12:36 - 02022577 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 14:01 - 2009-07-14 05:45 - 00031536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 14:01 - 2009-07-14 05:45 - 00031536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 13:47 - 2013-01-29 00:06 - 00000000 ___RD () C:\Users\Iris\Dropbox
2015-03-02 13:47 - 2013-01-29 00:02 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Dropbox
2015-03-02 13:46 - 2013-01-28 19:22 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Skype
2015-03-02 13:46 - 2012-11-05 19:10 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Spotify
2015-03-02 13:44 - 2012-08-25 12:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 13:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 13:44 - 2009-07-14 05:51 - 00105113 _____ () C:\Windows\setupact.log
2015-02-24 01:22 - 2012-09-15 11:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-24 01:22 - 2012-09-15 11:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-24 01:22 - 2012-09-15 11:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-24 00:25 - 2013-01-29 00:06 - 00001021 _____ () C:\Users\Iris\Desktop\Dropbox.lnk
2015-02-24 00:25 - 2013-01-29 00:03 - 00000000 ____D () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-24 00:22 - 2012-11-05 19:10 - 00000000 ____D () C:\Users\Iris\AppData\Local\Spotify
2015-02-24 00:19 - 2009-07-14 05:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 01:42 - 2010-11-21 04:47 - 00217586 _____ () C:\Windows\PFRO.log
2015-02-03 01:35 - 2012-09-18 00:03 - 00000000 ____D () C:\Users\Iris\AppData\Local\CrashDumps
2015-02-03 01:33 - 2009-07-14 06:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 00:25 - 2012-08-25 12:50 - 00000000 ____D () C:\Users\Iris
2015-02-02 23:06 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-02 23:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-02-02 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-02 22:42 - 2012-12-27 13:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-02 22:30 - 2014-10-25 19:41 - 00002102 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-02 22:30 - 2012-09-18 18:31 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 22:30 - 2012-09-15 11:29 - 00001154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 22:30 - 2012-08-25 12:59 - 00001411 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-02 22:30 - 2012-08-25 12:58 - 00001445 _____ () C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 22:29 - 2012-09-18 18:31 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 22:09 - 2014-09-28 19:27 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-02 21:47 - 2013-07-26 23:47 - 00000092 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2015-02-02 21:37 - 2013-12-13 23:20 - 01788292 _____ () C:\Windows\IE11_main.log

==================== Files in the root of some directories =======

2014-11-09 20:30 - 2014-11-09 20:30 - 1528736 _____ (Object Browser) C:\Users\Iris\AppData\Roaming\BNH.exe
2014-11-09 20:29 - 2014-11-09 20:29 - 2025376 _____ (Object Browser) C:\Users\Iris\AppData\Roaming\DCIEUTUC.exe
2015-03-02 14:20 - 2015-03-02 14:20 - 0000081 _____ () C:\Users\Iris\AppData\Roaming\mbam.context.scan
2013-07-26 23:47 - 2015-02-02 21:47 - 0000092 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2013-07-06 13:54 - 2013-07-06 13:54 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q3-TTL.DAT
2013-07-09 19:52 - 2013-07-09 19:52 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q4-TTL.DAT
2013-07-15 16:56 - 2014-01-03 00:55 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-26 12:47 - 2014-01-31 08:47 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-TTL.DAT
2013-07-30 23:50 - 2013-07-30 23:50 - 0081402 _____ () C:\Users\Iris\AppData\Local\MyMovieMagnet.crx

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 02:20

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Iris at 2015-03-02 14:48:11
Running from C:\Users\Iris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApppttoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - ApptoU) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Contrast Theme for Gmail (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - "")
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
Dropbox (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free Studio version 5.7.3.917 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.3.917 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.33.1005 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.33.1005 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GNotes Extension (HKLM-x32\...\{7BCAC0EB-3993-2416-0531-848C39DF8B65}) (Version:  - "") <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5FE78439-7CAA-45FE-A808-2D7A0FC98643}) (Version: 11.0.2.25 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

31-12-2014 14:43:04 Windows Update
31-12-2014 14:47:39 Windows Modules Installer
24-01-2015 11:23:44 Windows Update
24-01-2015 11:31:26 Windows Update
25-01-2015 03:12:53 Windows Update
29-01-2015 11:46:43 Windows Update
30-01-2015 00:01:27 Windows Update
31-01-2015 13:23:08 Windows Update
31-01-2015 13:23:08 Windows Update
31-01-2015 14:01:51 Windows Update
02-02-2015 21:32:03 Windows Update
02-02-2015 21:32:03 Windows Update
02-02-2015 21:33:31 Removed Delta Chrome Toolbar
02-02-2015 21:46:28 Removed eBay
02-02-2015 23:42:54 Revo Uninstaller's restore point - DiscountLOcator
02-02-2015 23:47:08 Revo Uninstaller's restore point - DiscountLOcator
02-02-2015 23:48:48 Revo Uninstaller's restore point - Financial Times News Feed
02-02-2015 23:50:14 Revo Uninstaller's restore point - DiscountLOcator
02-02-2015 23:51:57 Revo Uninstaller's restore point - PotatoSmile
02-02-2015 23:54:12 Revo Uninstaller's restore point - SalesChhecker
02-02-2015 23:56:31 Revo Uninstaller's restore point - Web Protect for Windows
24-02-2015 00:27:17 Windows Update
24-02-2015 00:27:17 Windows Update
02-03-2015 13:57:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-02 14:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E6AA818-5BFA-4F03-883C-5FCF6A91EC65} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3D61946B-23BE-42F2-A9DE-54450EA48419} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {450A4E0B-A288-4CCC-9D6C-BFCB50FA2186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {519F2A36-5F5A-4795-B03F-0A7202F5EFB5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {60DFF8E0-C4B6-488B-8031-28526C9F4C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {8C87204A-94CC-43A4-99FD-E026397614C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC27A4D8-5960-45B0-95B0-AB399C32C614} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {E044AD13-0F00-42E1-ADC0-B9BCE2CB5970} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {E57DCCFA-155A-4510-909B-EE72BC0A842C} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {FE922BD5-19C5-4753-B863-65E979E82ECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-14 14:26 - 2014-09-25 19:57 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3450306727-158836411-271950113-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3450306727-158836411-271950113-500 - Administrator - Disabled)
Gast (S-1-5-21-3450306727-158836411-271950113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450306727-158836411-271950113-1002 - Limited - Enabled)
Iris (S-1-5-21-3450306727-158836411-271950113-1001 - Administrator - Enabled) => C:\Users\Iris

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 01:45:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 00:20:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:44:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:35:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Name des fehlerhaften Moduls: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Ausnahmecode: 0x40000015
Fehleroffset: 0x00c079fe
ID des fehlerhaften Prozesses: 0x8b8
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3

Error: (02/03/2015 01:34:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:33:36 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:29:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Name des fehlerhaften Moduls: Skype.exe, Version: 6.20.0.104, Zeitstempel: 0x53fd9215
Ausnahmecode: 0x40000015
Fehleroffset: 0x00c079fe
ID des fehlerhaften Prozesses: 0x968
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3

Error: (02/03/2015 01:26:25 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:16:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0x0000046b
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3


System errors:
=============
Error: (03/02/2015 02:38:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/02/2015 02:36:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/02/2015 02:32:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/02/2015 02:24:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AIS Connect Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/02/2015 02:21:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "gsEyZbUfv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/02/2015 01:50:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/02/2015 01:46:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/02/2015 01:46:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth-Unterstützungsdienst erreicht.

Error: (02/24/2015 00:29:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (02/24/2015 00:22:41 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MANUEL-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E9CC9E2C-DA11-431A-8FC2-902B8166105B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/02/2015 01:45:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 00:20:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:44:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:35:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd92154000001500c079fe8b801d03f4922a495c9C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe84580c85-ab3c-11e4-a552-e0ca94beb0f6

Error: (02/03/2015 01:34:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:33:36 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:29:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 01:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd92154000001500c079fe96801d03f4822dbdde5C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe8329e853-ab3b-11e4-a585-e0ca94beb0f6

Error: (02/03/2015 01:26:25 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (02/03/2015 01:16:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.184095315a05a0000046b000000000000940d80c01d03f466b5d5c6eC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dllde5720bc-ab39-11e4-8bab-e0ca94beb0f6


CodeIntegrity Errors:
===================================
  Date: 2015-03-02 14:36:18.022
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-02 14:36:17.850
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:12:58.659
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:12:58.481
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:04:36.712
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:04:36.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:34:28.489
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:34:28.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:26:56.727
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:26:56.555
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1827.94 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5680.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:187.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F424250E)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 02.03.2015, 21:28   #13
Bootsektor
/// TB-Ausbilder
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo,

was machst du da immer mit... das ist ja schon wieder voll mit Adware.
Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :
ApppttoU
GNotes Extension

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49461;https=127.0.0.1:49461
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: ApppttoU -> {966aaa80-04b5-425e-bf92-1210e8b20af0} -> C:\Program Files (x86)\ApppttoU\ik6sagbY2Ht8i6.dll No File
FF SearchPlugin: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\trovi.xml
FF Extension: CinPlus-2.4c - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2015-03-02]
FF Extension: Security Protection - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com [2014-12-31]
FF Extension: iWebar1.1 - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com [2015-03-02]
FF Extension: youtubeit_aechiaragmailcom - FF Extension: youtubeit_aechiaragmailcom - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com [2015-02-24][2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com
CHR Extension: (No Name) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh [2015-02-02]
CHR HKLM\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
S2 59191eaf; c:\Program Files (x86)\SystemLift\SystemLift.dll [1637376 2015-02-02] () [File not signed]
S2 gsEyZbUfv; C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe [2726776 2014-11-09] (Time Lapse Solutions)
C:\Users\Iris\AppData\Local\MyMovieMagnet.crx
C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com 
C:\Program Files (x86)\ApppttoU
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com
c:\Program Files (x86)\SystemLift\SystemLift.dll 
C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe
REG: reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
REG: reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Alt 16.06.2015, 18:17   #14
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Sandra,

riesengroßes Sorry dass ich mich jetzt erst wieder melde!! Ich werde die nächsten Male nicht mehr als eine Woche verstreichen lassen bis ich die Schritte durchgeführt habe.
Also weiter im Text:

Ich habe keine Ahnung wieso der jetzt wieder voll mit Adware ist.. Hab ihn ganz normal benutzt

Zu Schritt 1: leider konnte ich weder über "systemsteuerung" noch über den Revouninstaller GNotes Extension deinstallieren. Das Programm ist trotzdem noch drauf.

Schritt 2:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Iris at 2015-06-16 16:20:44 Run:2
Running from C:\Users\Iris\Desktop
Loaded Profiles: Iris (Available Profiles: Iris)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49461;https=127.0.0.1:49461
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: ApppttoU -> {966aaa80-04b5-425e-bf92-1210e8b20af0} -> C:\Program Files (x86)\ApppttoU\ik6sagbY2Ht8i6.dll No File
FF SearchPlugin: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\trovi.xml
FF Extension: CinPlus-2.4c - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2015-03-02]
FF Extension: Security Protection - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com [2014-12-31]
FF Extension: iWebar1.1 - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com [2015-03-02]
FF Extension: youtubeit_aechiaragmailcom - FF Extension: youtubeit_aechiaragmailcom - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com [2015-02-24][2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com
CHR Extension: (No Name) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh [2015-02-02]
CHR HKLM\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
CHR HKLM-x32\...\Chrome\Extension: [hpljfflibaokjcndmchkfjalpjjblioc] - C:\Users\Iris\AppData\Local\MyMovieMagnet.crx [2013-07-30]
S2 59191eaf; c:\Program Files (x86)\SystemLift\SystemLift.dll [1637376 2015-02-02] () [File not signed]
S2 gsEyZbUfv; C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe [2726776 2014-11-09] (Time Lapse Solutions)
C:\Users\Iris\AppData\Local\MyMovieMagnet.crx
C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com 
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com 
C:\Program Files (x86)\ApppttoU
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com
c:\Program Files (x86)\SystemLift\SystemLift.dll 
C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe
REG: reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
REG: reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
emptytemp:
         


*****************

HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{966aaa80-04b5-425e-bf92-1210e8b20af0} => key not found. 
HKCR\Wow6432Node\CLSID\{966aaa80-04b5-425e-bf92-1210e8b20af0} => key not found. 
"FF SearchPlugin: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\searchplugins\trovi.xml" => not found.
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com not found.
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com not found.
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com not found.
C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\detgdp@gmail.com => value not found.
C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh folder not found
HKLM\SOFTWARE\Google\Chrome\Extensions\hpljfflibaokjcndmchkfjalpjjblioc => key not found. 
"C:\Users\Iris\AppData\Local\MyMovieMagnet.crx" => File/Folder not found.
HKU\S-1-5-21-3450306727-158836411-271950113-1001\SOFTWARE\Google\Chrome\Extensions\hpljfflibaokjcndmchkfjalpjjblioc => key not found. 
"C:\Users\Iris\AppData\Local\MyMovieMagnet.crx" => File/Folder not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hpljfflibaokjcndmchkfjalpjjblioc => key not found. 
"C:\Users\Iris\AppData\Local\MyMovieMagnet.crx" => File/Folder not found.
59191eaf => Service not found.
gsEyZbUfv => Service not found.
"C:\Users\Iris\AppData\Local\MyMovieMagnet.crx" => File/Folder not found.
"C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgljbjjfdpaboeflppnamegkoohadeh" => File/Folder not found.
"C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com" => File/Folder not found.
"C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\extensions\detgdp@gmail.com" => File/Folder not found.
"C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\youtubeit_aechiara@gmail.com" => File/Folder not found.
"C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\ROUAILDE73397174@UXGZI17268980.com" => File/Folder not found.
"C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com" => File/Folder not found.
"C:\Program Files (x86)\ApppttoU" => File/Folder not found.
"C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\detgdp@gmail.com" => File/Folder not found.
"c:\Program Files (x86)\SystemLift\SystemLift.dll" => File/Folder not found.
"C:\ProgramData\EiTVjiBBmwA\gsEyZbUfv.exe" => File/Folder not found.

========= reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" =========


HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    EnableNegotiate    REG_DWORD    0x1
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    IE5_UA_Backup_Flag    REG_SZ    5.0
    ZonesSecurityUpgrade    REG_BINARY    B6A118893F04CA01
    ProxyOverride    REG_SZ    <-loopback>

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones


========= End of Reg: =========


========= reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========


HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings    REG_BINARY    46000000FF080000030000002A000000687474703D3132372E302E302E313A34393436313B68747470733D3132372E302E302E313A34393436310B0000003C2D6C6F6F706261636B3E000000000000000000000000721064A417D5CF010000000000000000000000000200000002000000C0A801120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D386ABD3404177AA27E80A10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    DefaultConnectionSettings    REG_BINARY    4600000006030000030000002A000000687474703D3132372E302E302E313A34393436313B68747470733D3132372E302E302E313A34393436310B0000003C2D6C6F6F706261636B3E000000000000000000000000721064A417D5CF010000000000000000000000000200000002000000C0A801120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D386ABD3404177AA27E80A10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000



========= End of Reg: =========

EmptyTemp: => 752.7 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 16:22:50 ====
         
Schritt 3

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 16.06.2015 17:56:32, SYSTEM, IRIS-PC, Manual, Remediation Database, 2015.3.9.1, 2015.6.15.1, 
Update, 16.06.2015 17:56:32, SYSTEM, IRIS-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 16.06.2015 17:56:32, SYSTEM, IRIS-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 16.06.2015 17:56:32, SYSTEM, IRIS-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.6.15.1, 
Update, 16.06.2015 17:56:39, SYSTEM, IRIS-PC, Manual, Malware Database, 2015.3.9.5, 2015.6.16.4, 
Scan, 16.06.2015 18:47:06, SYSTEM, IRIS-PC, Manual, Start: 16.06.2015 17:57:06, Dauer: 42 Minuten 58 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "252" nicht-Malwareerkennung, 
Error, 16.06.2015 18:50:16, SYSTEM, IRIS-PC, Protection, IsLicensed, 13, 
Protection, 16.06.2015 18:50:16, SYSTEM, IRIS-PC, Protection, Malware Protection, Stopping, 
Protection, 16.06.2015 18:50:16, SYSTEM, IRIS-PC, Protection, Malware Protection, Stopped, 

(end)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.06.2015
Suchlauf-Zeit: 17:57:06
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.16.04
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Iris

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 486566
Verstrichene Zeit: 42 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
         
schritt 4:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Iris (administrator) on IRIS-PC on 16-06-2015 19:05:08
Running from C:\Users\Iris\Desktop
Loaded Profiles: Iris (Available Profiles: Iris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Spotify Ltd) C:\Users\Iris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Iris\AppData\Roaming\Spotify\Spotify.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(Dropbox, Inc.) C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Spotify Ltd) C:\Users\Iris\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Iris\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [AIS_MessageForYou] => C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe [1965056 2010-03-18] (Fujitsu)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify Web Helper] => C:\Users\Iris\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-16] (Spotify Ltd)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-25] (Google Inc.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Run: [Spotify] => C:\Users\Iris\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-16] (Spotify Ltd)
Startup: C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49461;https=127.0.0.1:49461
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3450306727-158836411-271950113-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> {C612C47D-1465-4C0C-9B8D-E6A12DE7A613} URL = hxxp://www.bing.com/search?q={searchTerms}&r=711
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-16] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-16] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-16] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3450306727-158836411-271950113-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-16] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-01-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3450306727-158836411-271950113-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.)
FF Extension: compatibilityaddonsmozillaorg - C:\Users\Iris\AppData\Roaming\Mozilla\Firefox\Profiles\26b5hbxq.default-1412446074992\Extensions\compatibility@addons.mozilla.org [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2015-06-16]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-19]
CHR Extension: (Google Docs) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-19]
CHR Extension: (Google Drive) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-19]
CHR Extension: (YouTube) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-19]
CHR Extension: (Google Search) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-19]
CHR Extension: (Google Sheets) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-19]
CHR Extension: (Gmail) - C:\Users\Iris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AISConnect; C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe [32768 2009-01-26] () [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-23] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130126.002\IDSvia64.sys [513184 2012-12-02] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\ENG64.SYS [126192 2013-01-23] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130128.032\EX64.SYS [2087664 2013-01-23] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 19:02 - 2015-06-16 19:02 - 00062724 _____ C:\Users\Iris\Desktop\mbam2.txt
2015-06-16 19:00 - 2015-06-16 19:00 - 00001009 _____ C:\Users\Iris\Desktop\mbam.txt
2015-06-16 17:56 - 2015-06-16 18:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 17:56 - 2015-06-16 17:56 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-16 17:56 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 17:56 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-16 17:53 - 2015-06-16 17:53 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Iris\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-16 14:42 - 2015-06-16 17:44 - 00000000 ____D C:\ProgramData\7fee0af45c734d07
2015-06-15 15:23 - 2015-06-15 15:23 - 00000000 ____D C:\Users\Iris\AppData\Local\{B0C300E8-8885-4C47-ACAD-F42A948553C0}
2015-06-15 11:44 - 2015-06-15 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-15 10:37 - 2015-06-15 10:37 - 00003026 _____ C:\Windows\avmadd32.log
2015-06-15 10:37 - 2015-06-15 10:37 - 00002542 _____ C:\Windows\avmadd321.log
2015-06-15 10:37 - 2015-06-15 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2015-06-15 10:37 - 2015-06-15 10:37 - 00000000 ____D C:\Program Files (x86)\FRITZ!BoxPrint
2015-06-15 10:37 - 2015-06-15 10:37 - 00000000 ____D C:\Program Files (x86)\FRITZ!Box
2015-06-15 10:37 - 2006-12-14 14:42 - 00069120 ____R (AVM Berlin) C:\Windows\SysWOW64\avmadd32.dll
2015-06-15 10:37 - 2006-05-29 03:00 - 00016384 ____R (AVM Berlin GmbH) C:\Windows\SysWOW64\avmprmon.dll
2015-06-15 10:26 - 2015-06-15 10:26 - 00017480 _____ C:\Windows\AVMInstall.Log
2015-06-15 10:26 - 2015-06-15 10:26 - 00000370 _____ C:\Windows\avmacc.log
2015-06-15 10:26 - 2015-06-15 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
2015-06-15 10:26 - 2015-06-15 10:26 - 00000000 ____D C:\Program Files (x86)\avmwlanstick
2015-06-15 10:12 - 2015-06-15 10:12 - 00000000 ____D C:\Users\Iris\AppData\Local\Apps\2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 19:06 - 2015-01-31 20:45 - 00022654 _____ C:\Users\Iris\Desktop\FRST.txt
2015-06-16 19:05 - 2015-01-31 20:45 - 00000000 ____D C:\FRST
2015-06-16 19:03 - 2012-08-25 13:36 - 01556892 _____ C:\Windows\WindowsUpdate.log
2015-06-16 19:00 - 2009-07-14 06:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 19:00 - 2009-07-14 06:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 18:53 - 2013-01-29 01:06 - 00000000 ___RD C:\Users\Iris\Dropbox
2015-06-16 18:53 - 2013-01-29 01:02 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Dropbox
2015-06-16 18:52 - 2013-01-28 20:22 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Skype
2015-06-16 18:52 - 2012-11-05 20:10 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Spotify
2015-06-16 18:51 - 2012-11-05 20:10 - 00000000 ____D C:\Users\Iris\AppData\Local\Spotify
2015-06-16 18:50 - 2012-08-25 13:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 18:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 18:50 - 2009-07-14 06:45 - 00416312 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 18:49 - 2010-11-21 05:47 - 00243108 _____ C:\Windows\PFRO.log
2015-06-16 18:49 - 2009-07-14 06:51 - 00105841 _____ C:\Windows\setupact.log
2015-06-16 18:47 - 2015-02-03 00:30 - 00000000 ____D C:\Program Files (x86)\YouTube Flags
2015-06-16 18:47 - 2015-02-02 23:26 - 00000000 ____D C:\Program Files (x86)\GNotes Extension
2015-06-16 18:47 - 2015-01-31 14:26 - 00000000 ____D C:\Program Files (x86)\Contrast Theme for Gmail
2015-06-16 18:22 - 2012-09-15 12:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 18:17 - 2012-08-25 13:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 17:56 - 2012-12-04 02:26 - 00000000 ____D C:\Users\Iris\AppData\Roaming\Malwarebytes
2015-06-16 17:56 - 2012-12-04 02:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 17:56 - 2012-12-04 02:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-06-16 16:25 - 2012-09-18 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 16:23 - 2012-09-15 12:29 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-16 16:12 - 2012-08-25 13:41 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-16 16:12 - 2012-08-25 13:41 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-16 15:46 - 2012-09-18 01:03 - 00000000 ____D C:\Users\Iris\AppData\Local\CrashDumps
2015-06-16 15:45 - 2015-02-03 00:09 - 00000000 ____D C:\Program Files (x86)\SystemLift
2015-06-16 15:43 - 2015-02-03 02:47 - 00000000 ____D C:\Users\Iris\Desktop\FRST-OlderVersion
2015-06-16 15:43 - 2015-01-30 01:40 - 02109952 _____ (Farbar) C:\Users\Iris\Desktop\FRST64.exe
2015-06-16 14:22 - 2012-09-15 12:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-16 14:22 - 2012-09-15 12:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-16 14:22 - 2012-09-15 12:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-16 13:23 - 2013-12-14 00:20 - 01838573 _____ C:\Windows\IE11_main.log
2015-06-15 17:04 - 2012-12-19 18:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-15 13:58 - 2015-03-19 00:33 - 00000020 _____ C:\Users\Iris\AppData\Roaming\appdataFr3.bin
2015-06-15 13:32 - 2011-02-14 14:57 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-06-15 13:32 - 2011-02-14 14:57 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-06-15 13:32 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 11:28 - 2012-08-25 13:56 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu

==================== Files in the root of some directories =======

2015-03-19 00:33 - 2015-06-15 13:58 - 0000020 _____ () C:\Users\Iris\AppData\Roaming\appdataFr3.bin
2015-03-02 15:20 - 2015-03-02 15:20 - 0000081 _____ () C:\Users\Iris\AppData\Roaming\mbam.context.scan
2013-07-27 00:47 - 2015-02-02 22:47 - 0000092 _____ () C:\Users\Iris\AppData\Roaming\WB.CFG
2013-07-06 14:54 - 2013-07-06 14:54 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q3-TTL.DAT
2013-07-09 20:52 - 2013-07-09 20:52 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q4-TTL.DAT
2013-07-15 17:56 - 2014-01-03 01:55 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-26 13:47 - 2014-01-31 09:47 - 0000005 _____ () C:\Users\Iris\AppData\Roaming\WBPU-TTL.DAT

Some files in TEMP:
====================
C:\Users\Iris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5tdqnm.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-06 21:27

==================== End of log ============================
         
Addition:

[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Iris at 2015-06-16 19:07:06
Running from C:\Users\Iris\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3450306727-158836411-271950113-500 - Administrator - Disabled)
Gast (S-1-5-21-3450306727-158836411-271950113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3450306727-158836411-271950113-1002 - Limited - Enabled)
Iris (S-1-5-21-3450306727-158836411-271950113-1001 - Administrator - Enabled) => C:\Users\Iris

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
Dropbox (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free Studio version 5.7.3.917 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.3.917 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.33.1005 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.33.1005 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5FE78439-7CAA-45FE-A808-2D7A0FC98643}) (Version: 11.0.2.25 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3450306727-158836411-271950113-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3450306727-158836411-271950113-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Iris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

09-04-2015 20:34:22 Windows Update
10-04-2015 21:12:19 Windows Update
10-04-2015 23:55:05 Windows Update
11-04-2015 21:19:44 Windows Update
12-04-2015 00:24:41 Windows Update
10-05-2015 22:18:40 Windows Update
10-05-2015 23:58:54 Windows Update
15-06-2015 15:37:09 Windows Update
15-06-2015 20:40:18 Windows Update
16-06-2015 13:17:48 Windows Update
16-06-2015 14:48:52 Revo Uninstaller's restore point - GNotes Extension
16-06-2015 15:06:26 Revo Uninstaller's restore point - GNotes Extension
16-06-2015 15:09:08 Revo Uninstaller's restore point - GNotes Extension
16-06-2015 15:10:18 Revo Uninstaller's restore point - GNotes Extension
16-06-2015 15:13:21 Revo Uninstaller's restore point - GNotes Extension
16-06-2015 17:43:07 Revo Uninstaller's restore point - GNotes Extension
16-06-2015 18:23:58 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-02 15:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E6AA818-5BFA-4F03-883C-5FCF6A91EC65} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3D61946B-23BE-42F2-A9DE-54450EA48419} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {450A4E0B-A288-4CCC-9D6C-BFCB50FA2186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-16] (Adobe Systems Incorporated)
Task: {60DFF8E0-C4B6-488B-8031-28526C9F4C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-16] (Google Inc.)
Task: {8C87204A-94CC-43A4-99FD-E026397614C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC27A4D8-5960-45B0-95B0-AB399C32C614} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {E044AD13-0F00-42E1-ADC0-B9BCE2CB5970} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {E57DCCFA-155A-4510-909B-EE72BC0A842C} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {E8FDE3E0-5B7E-499F-9BD6-E7EF2DD6BE08} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-16] (Microsoft Corporation)
Task: {FE922BD5-19C5-4753-B863-65E979E82ECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-01-26 17:49 - 2009-01-26 17:49 - 00032768 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2008-10-14 13:38 - 2008-10-14 13:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\schedutils.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cutils.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00025088 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\osal.dll
2009-01-26 17:49 - 2009-01-26 17:49 - 00229376 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\serviceagent.dll
2009-01-26 17:46 - 2009-01-26 17:46 - 00204800 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\messaging.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00017920 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cmessaging.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00009216 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\threadpool.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\utils.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00011264 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cuxml.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\transports.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00208896 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\ssl.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00876544 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\crypto.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00077824 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\expat.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00081920 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\registration.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00090112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\remoteaccess.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\scheduler.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\pollingserver.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00045056 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\acm.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00021504 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\httpbroker.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00086016 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\monitormanager.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\filetransfer.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00013312 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\urischeme.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00155648 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\filerepository.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\md5c.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00258048 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\swupdate.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00053248 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\commoncfg.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00045056 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\usagejob.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\sslinit.dll
2009-01-15 15:50 - 2009-01-15 15:50 - 00017408 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\c2sLogger.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00043008 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\httpServerConnDS.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00012288 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\sctunnel.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00017408 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\ttunnel.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\totalaccess.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00010240 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaversions.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00014336 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\stdinstallers.dll
2009-03-25 11:23 - 2009-03-25 11:23 - 00029184 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\exectaDS.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00026112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winwmids.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00009728 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\pstoreds.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winsysinfods.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00057344 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winvmstatds.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00025600 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\winfsinfods.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00026112 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\cmdds.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00006656 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\uadfw.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00016896 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\stdrules.dll
2008-10-14 13:38 - 2008-10-14 13:38 - 00008192 _____ () C:\Program Files (x86)\Fujitsu\AIS Connect\bin\rulelib.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-05 04:09 - 2015-06-16 13:05 - 41287224 _____ () C:\Users\Iris\AppData\Roaming\Spotify\libcef.dll
2015-06-16 18:51 - 2015-06-16 18:51 - 00043008 _____ () c:\users\iris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5tdqnm.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Iris\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-05 04:09 - 2015-06-16 13:05 - 01488440 _____ () C:\Users\Iris\AppData\Roaming\Spotify\libglesv2.dll
2015-03-05 04:09 - 2015-06-16 13:05 - 00079928 _____ () C:\Users\Iris\AppData\Roaming\Spotify\libegl.dll
2015-03-05 04:09 - 2015-03-05 04:09 - 09305656 _____ () C:\Users\Iris\AppData\Roaming\Spotify\pdf.dll
2015-06-16 14:22 - 2015-06-16 14:22 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" <==== ATTENTION

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3450306727-158836411-271950113-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Iris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3463A621-0476-41C3-B104-79360348A239}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{80F8FBF2-A3F1-4758-988B-A9BE50F12FD6}] => (Allow) LPort=2869
FirewallRules: [{250BCB3A-04C3-4322-AA5F-478C912CBB78}] => (Allow) LPort=1900
FirewallRules: [{5BED5BF1-0B39-462F-A717-2AB5255C8837}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{82BC0D85-7D68-4B2A-8DDC-97F3F0CDE57E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE49B5AE-6911-498F-ACF9-ED422B7530D9}] => (Allow) C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe
FirewallRules: [{AB6195E4-7CD4-40C8-9C27-C15D16D63B6A}] => (Allow) C:\Program Files (x86)\Fujitsu\AIS Connect\UltraVNC\winvnc.exe
FirewallRules: [{5D1B2A80-075E-4199-8FEA-CA7EF942D726}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{556C4B7E-439F-410D-B9F1-319284AE55C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A05AA52-252A-4AAA-B252-99959B93782C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3090294F-040B-450F-B986-4F10B0E6C04C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A521F4FE-E15D-4954-B061-CAFFF7B12C56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{32C7E965-991B-48BC-A2C0-DFC840255E53}C:\users\iris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\iris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{42C66296-3019-42D8-8097-1B50E026753D}C:\users\iris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\iris\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E31E8B6D-926F-46BE-A01D-FDEDE69CAAB8}C:\users\iris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\iris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{867794A5-F181-46C2-8D67-E9E09ED67EB9}C:\users\iris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\iris\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2CCE55CB-FDEA-48BC-BF67-77E1A62E0BD7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0D297C0-2C65-4456-98C1-CC9782EFB380}] => (Allow) C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2FCA4B2C-672D-4B44-9D7C-FC825683C0FA}] => (Allow) C:\Users\Iris\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{91940B5E-03DA-422A-AE37-418304E9132D}C:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38A7C870-35DA-472C-B2AB-3D7CAB4F54AF}C:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\iris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{94576F00-0E3C-4BD3-B881-AFC1E4AF1D70}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F4BF226B-52DA-4CEC-B2E3-1529B824022D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{039D6338-7CFC-4687-9F37-40B716DF3232}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99110F47-0FA0-42BD-9623-67D847C171AD}] => (Allow) F:\fsetup.exe
FirewallRules: [{421C2E06-823D-420D-917E-76254FD32B62}] => (Allow) F:\fsetup.exe
FirewallRules: [{FC00B7A1-3B43-4A3B-9A81-FC226B5F93F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 06:51:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 04:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 04:18:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 13.6.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 27b8

Startzeit: 01d0a83a7d0a71b0

Endzeit: 14

Anwendungspfad: C:\Users\Iris\Desktop\FRST64.exe

Berichts-ID: 93eb2bff-1432-11e5-952c-e0ca94beb0f6

Error: (06/16/2015 03:45:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/16/2015 03:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1dc4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/16/2015 01:05:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2015 07:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 937956

Error: (06/15/2015 07:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 937956

Error: (06/15/2015 07:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 07:09:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 936957


System errors:
=============
Error: (06/16/2015 06:56:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/16/2015 06:47:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (06/16/2015 04:23:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (06/16/2015 01:23:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (06/16/2015 01:10:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/15/2015 09:50:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (05/11/2015 00:02:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (05/10/2015 10:11:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/30/2015 02:26:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/30/2015 02:18:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109


Microsoft Office:
=========================
Error: (06/16/2015 06:51:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 04:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 04:18:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe13.6.2015.027b801d0a83a7d0a71b014C:\Users\Iris\Desktop\FRST64.exe93eb2bff-1432-11e5-952c-e0ca94beb0f6

Error: (06/16/2015 03:45:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa117d801d0a82603a8c769C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle60642a1-142d-11e5-952c-e0ca94beb0f6

Error: (06/16/2015 03:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa11dc401d0a82f1df7dd11C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle1131913-142d-11e5-952c-e0ca94beb0f6

Error: (06/16/2015 01:05:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2015 07:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 937956

Error: (06/15/2015 07:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 937956

Error: (06/15/2015 07:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 07:09:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 936957


CodeIntegrity Errors:
===================================
  Date: 2015-03-02 14:36:18.022
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-02 14:36:17.850
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:12:58.659
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:12:58.481
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:04:36.712
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 22:04:36.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:34:28.489
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:34:28.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:26:56.727
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-02 21:26:56.555
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nethfdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 68%
Total physical RAM: 3892.55 MB
Available physical RAM: 1213.19 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4954 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:188.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F424250E)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

Ich hoffe die aktuellen Ergebnisse sehen nicht ganz so schlimm aus

Danke dir!!

Alt 12.07.2015, 23:27   #15
Irissss
 
Searchpage/genesis offers/ thanksforthedownload etc. - Standard

Searchpage/genesis offers/ thanksforthedownload etc.



Hallo Sandra,

ich wollte mich kurz erkundigen, ob ich noch mit Hilfe auf eurer Plattform rechnen kann oder nicht? Würde mich über eine Antwort freuen und dann auch wieder regelmäßig mitarbeiten

Viele Grüße,
Iris

Antwort

Themen zu Searchpage/genesis offers/ thanksforthedownload etc.
board, browser, dateien, defragmentieren, erhalte, erhalten, fenster, fenster und seiten öffnen sich, installer, langsam, langsamer, laptop, lieben, monate, reinigen, retten, schließe, seite, seiten, tiere, troja, trojaner, trojaner board, urteil, version, versucht, öffnen



Ähnliche Themen: Searchpage/genesis offers/ thanksforthedownload etc.


  1. Ads by Name Offers entfernen
    Anleitungen, FAQs & Links - 03.09.2015 (2)
  2. Ads by Suprize Offers entfernen
    Anleitungen, FAQs & Links - 15.08.2015 (2)
  3. Windows 7 Starter: Popups und Werbung via best offers in Firefox trotz Adblock Plus machen Surfen unerträglich
    Log-Analyse und Auswertung - 22.06.2015 (11)
  4. Internet langsam, Immer wieder öffnet sich http://offers.bycontext.com
    Plagegeister aller Art und deren Bekämpfung - 07.06.2015 (25)
  5. unerwünschte Werbebanner in Chrome (Offers.ByContext.com)
    Log-Analyse und Auswertung - 16.03.2015 (11)
  6. werde Spyhunter 4 und Offers by Context nicht mehr los :(
    Plagegeister aller Art und deren Bekämpfung - 28.12.2014 (3)
  7. Genesis-offers.com öffnet selbständig Internet Explorer Fenster.
    Log-Analyse und Auswertung - 02.11.2014 (32)
  8. Browser öffnet von allein Werbeseiten (genesis offers), ändert die Standardsuchmaschine/Startseite ungefragt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2014 (13)
  9. Genesis offers lassen sich nicht entfernen / und spammen alles zu, verändern Einstelungen etc.
    Plagegeister aller Art und deren Bekämpfung - 11.08.2014 (3)
  10. Offers.ByContext.com entfernen
    Anleitungen, FAQs & Links - 08.07.2014 (2)
  11. "Special Offers" entfernen
    Anleitungen, FAQs & Links - 27.05.2014 (2)
  12. Best Offers und Coupon Compagnion Malware
    Alles rund um Windows - 14.12.2013 (1)
  13. Win7: Avira Fund: Java/Dldr.Obfshlp.JC, Malwarbytes Funde: Hijack.SearchPage in Quarantäne - 35 Funde insgesamt
    Log-Analyse und Auswertung - 06.10.2013 (5)
  14. Adware BEST OFFERS
    Log-Analyse und Auswertung - 22.07.2007 (3)
  15. Problem mit "The best Offers"
    Log-Analyse und Auswertung - 04.05.2006 (1)
  16. u.a. "Best offers"-Popup im IE bei FF-Nutzung
    Log-Analyse und Auswertung - 04.04.2006 (2)
  17. not-a-virus:AdWare.SearchPage
    Plagegeister aller Art und deren Bekämpfung - 19.08.2005 (7)

Zum Thema Searchpage/genesis offers/ thanksforthedownload etc. - Hallo liebes Trojaner Board, mein Laptop ist innerhalb von einigen Monaten immer langsamer geworden, anschließend habe ich versucht ihn zu "reinigen", Dateien zu defragmentieren (ich meine, dass es so hieß) - Searchpage/genesis offers/ thanksforthedownload etc....
Archiv
Du betrachtest: Searchpage/genesis offers/ thanksforthedownload etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.