Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 - Trojaner will Java aktualisieren (https://www.trojaner-board.de/160889-windows-7-trojaner-will-java-aktualisieren.html)

wurm44 18.11.2014 15:14
Windows 7 - Trojaner will Java aktualisieren
 
Hallo,

ich habe seit 3 Tagen das Problem, das bei meinen Browsern, egal ob Firefox oder Chrome, immer eine Meldung erscheint das meine Java-Version veraltet ist und das ich es aktualisieren soll. Daraufhin hab ich mein Virenprogramm durchlaufen lassen und tatsächlich hat es auch einen Trojaner gefunden, denn ich dann beseitigt habe. Ich dachte damit hätte sich das Problem gelöst, aber es blieb alles beim alten. Die Browser und allgemein das ganze Notebook reagieren extrem langsam und es tauchen immer wieder Pop-Up Fenster mit Werbung auf.

Ich hoffe ihr könnt mir helfen, da ich mein Notebook auch relativ bald wieder für die Uni brauche und ich es in diesem Zustand kaum benutzen kann...

schrauber 18.11.2014 16:01
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


wurm44 18.11.2014 19:06
Danke erstmal für die schnelle Antwort!

Frst.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Cyrus Zeller (administrator) on CYRUS-LENOVO44 on 18-11-2014 18:42:28
Running from C:\Users\Cyrus Zeller\Desktop
Loaded Profile: Cyrus Zeller (Available profiles: Cyrus Zeller)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Windows Net) C:\Users\Cyrus Zeller\AppData\Roaming\Windows Net Data\net.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [fst_nl_48] => [X]
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-11-15] (Emsisoft GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [Facebook Update] => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-13] (Facebook Inc.)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [GoogleChromeAutoLaunch_FD521468AF20D2427D07A216851C2D37] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: F - F:\CDLaunch\shelexec.exe \SP1INST.HTM
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: {12da45b9-31a7-11e3-956e-d156611909e7} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: {4d6e10d2-30c5-11e3-b19b-e53640028bf2} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: {4d745487-ccbf-11e3-ade9-60d819b31590} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: {5d241ab4-acb1-11e2-80d7-089e01197ee7} - F:\CDLaunch\shelexec.exe \SP1INST.HTM
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: {5f7d2f2f-3955-11e4-b0b4-60d819b31590} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MountPoints2: {e90c4838-e3cb-11e1-a1a3-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Cyrus Zeller\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1402592685&from=wpm0612&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3EF37CE9D3F634F7&affID=120524&tsp=5037
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: mystartsearch
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN11109573473801228&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://google.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3413402405-1960818121-2446029348-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cyrus Zeller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\entrusted-customized-web-search.xml
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: Plus-HD-3.8 - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com [2014-07-28]
FF Extension: Plus-HD-3.8c - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\castro.ja@aol.com [2014-11-18]
FF Extension: pricealarm - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-09-04]
FF Extension: Fast Start - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\faststartff@gmail.com [2014-07-12]
FF Extension: topbuyer - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\uH54@ol5OC.edu [2014-11-15]
FF Extension: entrusted  - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2013-09-11]
FF Extension: FoxyDeal - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-09-04]
FF Extension: PricePeep - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-08-30]
FF Extension: NoScript - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-28]
FF Extension: Adblock Plus - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\shortcutff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-04]
CHR Extension: (ShowIp) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj [2014-11-15]
CHR Extension: (Extended Protection) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-09]
CHR Extension: (AdBlock) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-15]
CHR Extension: (Skype Click to Call) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-07]
CHR Extension: (deal4real) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-11-15] (Emsisoft GmbH)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-31] (Duplex Secure Ltd.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 18:42 - 2014-11-18 18:43 - 00027484 _____ () C:\Users\Cyrus Zeller\Desktop\FRST.txt
2014-11-18 18:42 - 2014-11-18 18:43 - 00000000 ____D () C:\FRST
2014-11-18 18:41 - 2014-11-18 18:41 - 02117120 _____ (Farbar) C:\Users\Cyrus Zeller\Desktop\FRST64.exe
2014-11-17 17:06 - 2014-11-17 17:06 - 00000618 _____ () C:\Windows\PFRO.log
2014-11-16 22:09 - 2014-11-16 22:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-16 22:09 - 2014-11-16 22:09 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-16 22:08 - 2014-11-16 22:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-16 21:05 - 2014-11-18 10:55 - 00000168 _____ () C:\Windows\setupact.log
2014-11-16 21:05 - 2014-11-16 21:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-16 18:25 - 2014-11-16 18:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-15 22:31 - 2014-11-15 22:31 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-11-15 22:26 - 2014-11-16 17:52 - 00002210 _____ () C:\EamClean.log
2014-11-15 20:05 - 2014-11-15 20:05 - 00001106 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-11-15 20:05 - 2014-11-15 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-11-15 20:04 - 2014-11-18 18:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-15 20:04 - 2014-11-15 20:04 - 00000000 ____D () C:\Users\Cyrus Zeller\Documents\Anti-Malware
2014-11-15 20:01 - 2014-11-15 20:03 - 232169488 _____ (Emsisoft GmbH ) C:\Users\Cyrus Zeller\Desktop\EmsisoftAntiMalwareSetup_solvusoft.exe
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\SysWOW64\RENC4A9.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\SysWOW64\RENC499.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\SysWOW64\RENC498.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\system32\REN193E.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\system32\REN193D.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\system32\REN193C.tmp
2014-11-15 15:22 - 2014-11-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-15 15:22 - 2014-11-15 15:22 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-15 15:21 - 2014-11-15 15:22 - 00001942 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-11-15 15:21 - 2014-11-15 15:22 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-15 15:21 - 2014-11-15 15:21 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-15 15:13 - 2014-11-15 15:13 - 00001065 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Cliqz
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Abelssoft
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Abelssoft
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-11-15 15:13 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-15 15:13 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-15 15:12 - 2014-11-15 15:13 - 13485202 _____ () C:\Users\Cyrus Zeller\Downloads\hitmanpro379.zip
2014-11-15 15:11 - 2014-11-15 15:11 - 01125200 _____ () C:\Users\Cyrus Zeller\Desktop\Hitman Pro - CHIP-Installer.exe
2014-11-15 04:25 - 2014-11-15 04:25 - 00000000 _____ () C:\Windows\SysWOW64\shoDA1E.tmp
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\ProgramData\374311380
2014-11-15 00:30 - 2014-11-15 00:30 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-15 00:29 - 2014-11-15 00:29 - 00000000 ____D () C:\ProgramData\CouponFactory
2014-11-15 00:28 - 2014-11-15 13:59 - 00000000 ____D () C:\ProgramData\downloaditkeep
2014-11-15 00:28 - 2014-11-15 00:30 - 00000000 ____D () C:\ProgramData\1cd6f3d5f6997293
2014-11-14 23:47 - 2014-11-14 23:47 - 00000000 ____D () C:\Users\Cyrus Zeller\Documents\Optimizer Pro
2014-11-14 23:47 - 2014-11-14 23:47 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-14 23:46 - 2014-11-18 10:56 - 00001364 _____ () C:\Windows\Tasks\YNMXE.job
2014-11-14 23:46 - 2014-11-14 23:46 - 00004416 _____ () C:\Windows\System32\Tasks\YNMXE
2014-11-14 23:45 - 2014-11-18 10:56 - 00001366 _____ () C:\Windows\Tasks\LDJRVK.job
2014-11-14 23:45 - 2014-11-14 23:45 - 00004418 _____ () C:\Windows\System32\Tasks\LDJRVK
2014-11-14 23:44 - 2014-11-18 18:30 - 00001358 _____ () C:\Windows\Tasks\VC.job
2014-11-14 23:44 - 2014-11-14 23:44 - 00004410 _____ () C:\Windows\System32\Tasks\VC
2014-11-14 23:43 - 2014-11-18 14:48 - 00001364 _____ () C:\Windows\Tasks\NUQRZ.job
2014-11-14 23:43 - 2014-11-15 17:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-14 23:43 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files (x86)\9fa6574c-5405-418d-9390-94a8a0461326
2014-11-14 23:43 - 2014-11-14 23:43 - 00004416 _____ () C:\Windows\System32\Tasks\NUQRZ
2014-11-14 23:43 - 2014-11-14 23:43 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\globalUpdate
2014-11-14 23:41 - 2014-11-14 23:42 - 00071608 _____ () C:\Users\Cyrus Zeller\Downloads\HDVidCodec.exe
2014-11-14 14:10 - 2014-11-14 14:26 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Märtyrer
2014-11-14 13:36 - 2014-11-18 10:58 - 00000000 ___RD () C:\Users\Cyrus Zeller\Dropbox
2014-11-14 13:36 - 2014-11-14 13:36 - 00001064 _____ () C:\Users\Cyrus Zeller\Desktop\Dropbox.lnk
2014-11-14 13:35 - 2014-11-14 13:35 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 13:34 - 2014-11-18 10:58 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox
2014-11-14 13:33 - 2014-11-14 13:33 - 00323712 _____ (Dropbox, Inc.) C:\Users\Cyrus Zeller\Desktop\DropboxInstaller.exe
2014-11-14 09:58 - 2014-11-15 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 03:46 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 03:46 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 03:46 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 03:46 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 03:46 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 03:46 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 03:46 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 03:46 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 03:46 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 03:46 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 03:46 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 03:46 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 03:46 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 03:46 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 03:45 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 03:45 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 03:45 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 03:45 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 03:45 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 03:45 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 03:45 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 03:45 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 03:45 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 03:45 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 03:45 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 03:45 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 03:45 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 03:45 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 03:45 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 03:45 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 03:45 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 03:45 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 03:45 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 03:45 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 03:45 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 03:45 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 03:45 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 03:45 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 03:45 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 03:45 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 03:45 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 03:45 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 03:45 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 03:45 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 03:45 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 03:45 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 03:45 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 03:45 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 03:45 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 03:45 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 03:45 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 03:45 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 03:45 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 03:45 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 03:45 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 03:45 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 03:45 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 03:45 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 03:45 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 03:45 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 03:45 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 03:45 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 03:45 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 03:45 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 03:45 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 03:45 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 03:45 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 03:45 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 03:45 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 03:45 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 03:44 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:44 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 03:44 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 03:44 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 03:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 03:44 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:44 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 03:44 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 03:44 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 03:44 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 03:44 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 03:43 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:43 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 03:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 03:43 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 03:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 03:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 16:00 - 2014-11-07 22:39 - 00023259 _____ () C:\Users\Cyrus Zeller\Desktop\facebook-fallstudie.odt
2014-11-04 15:10 - 2014-11-04 15:12 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Sahbas zeug
2014-10-28 20:27 - 2014-11-07 17:41 - 00175272 _____ () C:\Users\Cyrus Zeller\Desktop\sap-ausarbeitung.odt
2014-10-23 15:08 - 2014-10-23 15:08 - 00001227 _____ () C:\Users\Public\Desktop\SAP Logon Pad.lnk
2014-10-23 15:08 - 2014-10-23 15:08 - 00000000 ____D () C:\Users\Cyrus Zeller\Documents\SAP
2014-10-23 15:08 - 2014-10-23 15:08 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\SAP
2014-10-23 15:06 - 2014-10-23 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
2014-10-23 15:05 - 2011-11-23 01:23 - 01064960 _____ () C:\Windows\SysWOW64\h5krnl32.dll
2014-10-23 15:05 - 2011-11-23 01:23 - 00188928 _____ () C:\Windows\SysWOW64\h5icon32.dll
2014-10-23 15:05 - 2011-11-23 01:23 - 00175616 _____ () C:\Windows\SysWOW64\h5menu32.dll
2014-10-23 15:05 - 2011-11-23 01:23 - 00114688 _____ (heilerSoftware) C:\Windows\SysWOW64\h5dlg32.dll
2014-10-23 15:05 - 2011-11-23 01:23 - 00095744 _____ () C:\Windows\SysWOW64\h5rtf32.dll
2014-10-23 15:05 - 2011-11-23 01:23 - 00051200 _____ () C:\Windows\SysWOW64\h5tool32.dll
2014-10-23 15:05 - 2011-03-24 08:11 - 00659264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 01069376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00614992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00443488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshflxgd.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00415552 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00278352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatgrd.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00258880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00218432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00170080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00155984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-10-23 15:05 - 2009-03-24 11:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll
2014-10-23 15:05 - 2004-02-23 15:31 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlbinf32.dll
2014-10-23 15:05 - 2003-03-18 19:05 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.dll
2014-10-23 15:05 - 1999-04-29 12:04 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2014-10-23 15:05 - 1998-06-26 20:22 - 00094744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\grid32.ocx
2014-10-23 15:05 - 1998-06-24 10:57 - 00067376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysinfo.ocx
2014-10-23 15:05 - 1998-06-18 11:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2014-10-23 15:04 - 2014-10-23 15:04 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\SAP
2014-10-23 15:04 - 2014-03-10 10:53 - 04440064 _____ (SAP AG) C:\Windows\SysWOW64\librfc32.dll
2014-10-23 15:04 - 2014-02-27 13:34 - 01722432 _____ (SAP, Walldorf) C:\Windows\SysWOW64\SAPbtmp.dll
2014-10-23 15:04 - 2003-03-18 21:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-23 15:04 - 1995-05-19 08:15 - 00133904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcans32.dll
2014-10-23 14:57 - 2014-10-23 15:07 - 00000000 ____D () C:\Program Files (x86)\SAP
2014-10-19 18:11 - 2014-10-19 18:11 - 00000126 ____H () C:\Users\Cyrus Zeller\Downloads\.~lock.lol.ppt#

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 18:44 - 2013-09-04 17:44 - 00001918 _____ () C:\Windows\Tasks\Plus-HD-3.8-chromeinstaller.job
2014-11-18 18:44 - 2013-09-04 17:44 - 00001842 _____ () C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job
2014-11-18 18:44 - 2013-09-04 17:44 - 00001304 _____ () C:\Windows\Tasks\Plus-HD-3.8-updater.job
2014-11-18 18:44 - 2013-09-04 17:44 - 00001210 _____ () C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job
2014-11-18 18:44 - 2013-09-04 17:44 - 00001108 _____ () C:\Windows\Tasks\Plus-HD-3.8-enabler.job
2014-11-18 18:42 - 2012-08-11 16:51 - 01766152 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 18:41 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 18:41 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 18:36 - 2014-05-13 17:31 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job
2014-11-18 18:36 - 2014-05-13 17:31 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job
2014-11-18 18:30 - 2013-03-14 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 18:30 - 2012-08-11 17:20 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 10:56 - 2012-08-11 17:20 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 10:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 23:57 - 2012-08-11 17:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-16 23:56 - 2013-03-14 16:37 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Adobe
2014-11-16 22:10 - 2013-03-25 12:29 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Adobe
2014-11-16 18:25 - 2014-10-11 13:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-16 18:25 - 2014-10-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 22:27 - 2009-07-14 05:45 - 00351440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 15:57 - 2014-05-31 03:11 - 00638888 _____ (Oracle Corporation) C:\Users\Cyrus Zeller\Desktop\jxpiinstall.exe
2014-11-15 15:55 - 2012-08-11 17:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 15:55 - 2012-08-11 17:14 - 00000000 ____D () C:\Program Files\Java
2014-11-15 15:54 - 2014-10-11 13:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-15 15:54 - 2014-10-11 13:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-15 15:54 - 2014-10-11 13:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-15 15:54 - 2014-10-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-11-15 15:27 - 2013-04-05 22:26 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\CrashDumps
2014-11-15 15:27 - 2011-02-15 10:42 - 00000000 ____D () C:\Windows\Panther
2014-11-15 15:21 - 2013-03-14 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 15:21 - 2013-03-14 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 15:21 - 2013-03-14 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-15 15:13 - 2013-03-14 16:16 - 00087168 _____ () C:\Users\Cyrus Zeller\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 23:46 - 2013-03-14 20:25 - 00001392 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-14 23:46 - 2013-03-14 20:25 - 00001380 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-14 23:46 - 2013-03-14 16:19 - 00001654 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-14 22:57 - 2014-02-04 17:45 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-11-14 22:57 - 2013-03-14 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-14 16:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 15:16 - 2013-03-14 22:49 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-11-14 13:36 - 2013-03-14 16:15 - 00000000 ____D () C:\Users\Cyrus Zeller
2014-11-14 09:44 - 2014-05-21 16:38 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Akamai
2014-11-13 15:14 - 2014-05-07 00:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:09 - 2013-07-12 01:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:02 - 2013-03-17 12:47 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-04 15:10 - 2013-05-15 21:17 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Studium
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 14:46 - 2012-08-12 02:34 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-10-29 14:46 - 2012-08-12 02:34 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-10-29 14:46 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 19:54 - 2013-04-07 20:04 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Musik
2014-10-23 15:05 - 2009-07-14 03:34 - 00021259 _____ () C:\Windows\system32\Drivers\etc\services
2014-10-19 12:12 - 2014-10-17 21:33 - 00000000 ____D () C:\ProgramData\Apple
2014-10-19 12:06 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Cyrus Zeller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhgta4.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 17:18

==================== End Of Log ============================
--- --- ---



Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Cyrus Zeller at 2014-11-18 18:44:54
Running from C:\Users\Cyrus Zeller\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
337 GAMES (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\337Games) (Version: 1.1.1.0 - ) <==== ATTENTION
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
AVG PC TuneUp Language Pack (de-DE) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MX370 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX370_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.35 - Abelssoft)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3 (HKLM-x32\...\Cisco Packet Tracer 5.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
CouponFactory (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - CouponFactory) <==== ATTENTION
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.0 - Electronic Arts)
GoforFiles (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
H2 (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\H2) (Version:  - )
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MyFreeCodec) (Version:  - )
olsr.org (HKLM-x32\...\olsr.org) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Plus-HD-3.8 (HKLM-x32\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
SAP GUI for Windows 7.30 (Patch 8) (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
Update Service SimpleFiles (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Update Service SimpleFiles) (Version: 15.14.42 - hxxp://www.simple-files.info)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
yEd Graph Editor 3.12.2 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.12.2 - yWorks GmbH)
Yontoo 2.051 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.051 - Yontoo LLC) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-11-2014 23:11:31 Windows Update
13-11-2014 02:00:52 Windows Update
14-11-2014 08:46:59 Windows Update
15-11-2014 14:57:36 Removed Java 8 Update 25
17-11-2014 16:19:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {078C864A-EFB2-42D7-8BC3-75E2AA6E1267} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {0E158322-C7BF-42B8-95FE-98D752646941} - System32\Tasks\Update Service SimpleFiles => C:\Program Files (x86)\SimpleFilesUpdater\SimpleFilesUpdater.exe [2014-10-17] (hxxp://simple-files.com/)
Task: {1612CEFF-45F9-4971-9FD4-603112DF20AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2A2C5E9E-2553-4B40-92AE-0C9DCF49F912} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {2A74B2CC-5F18-4714-BE55-9CE31C3CB522} - System32\Tasks\Plus-HD-3.8-firefoxinstaller => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe <==== ATTENTION
Task: {42E3C1AE-9668-4DA5-8121-0A411EC03627} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {4AEB3665-7315-489B-9D6B-781B5073F930} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {69A423F5-3037-447F-BE5E-1F73206B970C} - System32\Tasks\NUQRZ => C:\Users\Cyrus Zeller\AppData\Roaming\NUQRZ.exe <==== ATTENTION
Task: {6B806626-9D80-4527-AD1B-E4666A6AC017} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-11-10] (CHIP)
Task: {6EC7E7DE-2C67-442A-B130-0B61F60A2DBF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-13] (Facebook Inc.)
Task: {78262E6B-860B-4324-86C1-AEE0339D8052} - System32\Tasks\YNMXE => C:\Users\Cyrus Zeller\AppData\Roaming\YNMXE.exe <==== ATTENTION
Task: {7ADDECBD-0D1E-4F0A-88E5-78C8DFEAF473} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {87FC2DA5-0BB6-4825-B305-7AF8F47B9BA8} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {91985D9B-6028-44B0-8B9A-F1C73FDD0CEF} - System32\Tasks\Plus-HD-3.8-updater => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe <==== ATTENTION
Task: {943B3EE6-1512-4660-96DE-4FB570B1E5CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9941840C-EE03-495A-A114-1CCFEB6C5E43} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {9C640DAD-E324-43A0-AE9C-61A0DA89B58A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-15] (Adobe Systems Incorporated)
Task: {A018C5AB-FF03-4284-8FA4-61B5794658AC} - System32\Tasks\Plus-HD-3.8-chromeinstaller => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe <==== ATTENTION
Task: {AAEAC9D9-F670-4B26-8FC1-AECC152DD226} - System32\Tasks\Plus-HD-3.8-enabler => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe <==== ATTENTION
Task: {B66212C0-B85F-4458-AD5F-E18404E53A48} - System32\Tasks\LDJRVK => C:\Users\Cyrus Zeller\AppData\Roaming\LDJRVK.exe <==== ATTENTION
Task: {E1564ABA-03AA-4ABB-8474-A6A0D6F49487} - System32\Tasks\VC => C:\Users\Cyrus Zeller\AppData\Roaming\VC.exe <==== ATTENTION
Task: {E1ABAC4F-A34F-436D-A61A-17D0BCE1C416} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-13] (Facebook Inc.)
Task: {E2048021-54F2-4EA8-BB7E-F7A889D78C2D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {E9DD3230-69B1-4288-8BC8-8FEA2E7A29F8} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe
Task: {EE8542D3-6C95-4AAC-9FED-DCEAFCA7B187} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {F2BCD348-6617-4AF6-AD64-26FB98D9A9B2} - System32\Tasks\Plus-HD-3.8-codedownloader => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe <==== ATTENTION
Task: {F5D7AADB-ED6F-454D-9EBA-0ECFDF1D8A8A} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LDJRVK.job => C:\Users\Cyrus Zeller\AppData\Roaming\LDJRVK.exe <==== ATTENTION
Task: C:\Windows\Tasks\NUQRZ.job => C:\Users\Cyrus Zeller\AppData\Roaming\NUQRZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-enabler.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-3.8-updater.job => C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\VC.job => C:\Users\Cyrus Zeller\AppData\Roaming\VC.exe <==== ATTENTION
Task: C:\Windows\Tasks\YNMXE.job => C:\Users\Cyrus Zeller\AppData\Roaming\YNMXE.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-11 17:03 - 2010-08-24 19:30 - 00047616 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-08-12 02:29 - 2011-03-24 11:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2010-02-17 22:26 - 2010-02-17 22:26 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2014-11-15 20:19 - 2014-11-15 20:19 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-11-18 10:58 - 2014-11-18 10:58 - 00043008 _____ () c:\Users\Cyrus Zeller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhgta4.dll
2014-11-14 13:35 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-11-14 09:58 - 2014-11-14 09:58 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-15 15:21 - 2014-11-15 15:21 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

========================= Accounts: ==========================

Administrator (S-1-5-21-3413402405-1960818121-2446029348-500 - Administrator - Disabled)
Cyrus Zeller (S-1-5-21-3413402405-1960818121-2446029348-1001 - Administrator - Enabled) => C:\Users\Cyrus Zeller
Gast (S-1-5-21-3413402405-1960818121-2446029348-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3413402405-1960818121-2446029348-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 10:57:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 05:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 05:54:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 03:11:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 10:28:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 07:55:54 PM) (Source: MsiInstaller) (EventID: 11722) (User: Cyrus-Lenovo44)
Description: Product: Java 8 Update 25 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Windows\Installer\MSI9DEC.tmp, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_25\\" REPAIRMODE=0

Error: (11/15/2014 06:38:17 PM) (Source: Google Update) (EventID: 20) (User: Cyrus-Lenovo44)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (11/15/2014 03:59:35 PM) (Source: MsiInstaller) (EventID: 11722) (User: Cyrus-Lenovo44)
Description: Product: Java 8 Update 25 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Windows\Installer\MSI71F4.tmp, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_25\\" REPAIRMODE=0

Error: (11/15/2014 02:01:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 11:45:44 PM) (Source: MsiInstaller) (EventID: 11309) (User: Cyrus-Lenovo44)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.


System errors:
=============
Error: (11/18/2014 02:48:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (11/18/2014 10:56:51 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/17/2014 05:10:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (11/17/2014 05:10:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/17/2014 05:08:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/16/2014 05:54:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/16/2014 05:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/16/2014 03:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/15/2014 10:28:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/15/2014 10:28:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (11/18/2014 10:57:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 05:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 05:54:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 03:11:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 10:28:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 07:55:54 PM) (Source: MsiInstaller) (EventID: 11722) (User: Cyrus-Lenovo44)
Description: Product: Java 8 Update 25 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Windows\Installer\MSI9DEC.tmp, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_25\\" REPAIRMODE=0 (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 06:38:17 PM) (Source: Google Update) (EventID: 20) (User: Cyrus-Lenovo44)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (11/15/2014 03:59:35 PM) (Source: MsiInstaller) (EventID: 11722) (User: Cyrus-Lenovo44)
Description: Product: Java 8 Update 25 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Windows\Installer\MSI71F4.tmp, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_25\\" REPAIRMODE=0 (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 02:01:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 11:45:44 PM) (Source: MsiInstaller) (EventID: 11309) (User: Cyrus-Lenovo44)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 77%
Total physical RAM: 3892.55 MB
Available physical RAM: 868.65 MB
Total Pagefile: 7783.28 MB
Available Pagefile: 3415.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:284.91 GB) (Free:213.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BB360F7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 19.11.2014 16:28
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    337 GAMES

    CouponFactory

    DMUninstaller

    GoforFiles

    Plus-HD-3.8

    SupTab

    Yontoo 2.051


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

wurm44 23.11.2014 00:08
Code:
ComboFix 14-11-18.01 - Cyrus Zeller 22.11.2014  23:56:39.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3893.1999 [GMT 1:00]
ausgeführt von:: c:\users\Cyrus Zeller\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\Buzz_Words
c:\programdata\374311380
c:\programdata\374311380\BIT8B20.tmp
c:\programdata\ntuser.pol
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj\186\background.html
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj\186\content.js
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj\186\lsdb.js
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj\186\manifest.json
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj\186\Tzw.js
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai\1.4\background.html
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai\1.4\content.js
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai\1.4\kWdSGAJJY.js
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai\1.4\lsdb.js
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai\1.4\manifest.json
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agoljmemkbciolpigpabjfkagboolkcj_0.localstorage
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome.manifest
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\asyncDB.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\background.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\browserAction.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\contextMenu.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\dbManager.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\dom_bg.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\fileManager.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefox.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefoxNotifications.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefoxOmnibox.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\message.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\pageAction.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\request.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\tabs.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\webRequest.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\background.html
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\baseObject.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\browser.xul
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\console.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\consts.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\delegate.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\httpObserver.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\IDBWrapper.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\installer.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\pluginsManager.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\prefs.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\progressListenerObserver.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\registry.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\reloadObserver.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\reports.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\requestObject.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\searchSettings.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\uninstallObserver.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\updateManager.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\utils.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\xhr.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\dialog.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\extensionCode\backgroundCode.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\extensionCode\pageCode.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\main.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\options.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\options.xul
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\search_dialog.xul
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\defaults\preferences\prefs.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\manifest.xml
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins.json
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\1_base.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\107_coupish_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\17_jQuery.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\21_debug.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\22_resources.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\28_initializer.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\47_resources_background.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\64_appApiMessage.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\72_appApiValidation.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\98_omniCommands.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode\background.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode\extension.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\install.rdf
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\locale\en-US\translations.dtd
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button1.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button2.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button3.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button4.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button5.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\crossrider_statusbar.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon128.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon16.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon24.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon48.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\panelarrow-up.png
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\popup.html
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\skin.css
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\update.css
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\pricepeep@getpricepeep.com.xpi
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\uH54@ol5OC.edu
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\uH54@ol5OC.edu\bootstrap.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\uH54@ol5OC.edu\chrome.manifest
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\uH54@ol5OC.edu\content\bg.js
c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\uH54@ol5OC.edu\install.rdf
c:\users\Cyrus Zeller\AppData\Roaming\Windows Net Data
c:\users\Cyrus Zeller\AppData\Roaming\Windows Net Data\id.dat
c:\users\Cyrus Zeller\AppData\Roaming\Windows Net Data\net.exe
c:\users\Cyrus Zeller\AppData\Roaming\Windows Net Data\uninstaller.exe
c:\users\Cyrus Zeller\Desktop\Search.lnk
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-22 bis 2014-11-22  ))))))))))))))))))))))))))))))
.
.
2014-11-22 23:03 . 2014-11-22 23:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-20 22:06 . 2014-09-16 21:57        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{679261D2-575E-4E59-94D4-ACA5373E837C}\gapaengine.dll
2014-11-20 22:05 . 2014-11-02 04:20        11632448        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2EA4184-7B23-4D8A-B1A4-EA6F1171A6E1}\mpengine.dll
2014-11-20 16:38 . 2014-11-20 16:38        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-11-19 19:36 . 2014-11-02 04:20        11632448        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-19 12:04 . 2014-11-11 03:08        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-19 12:04 . 2014-11-11 03:08        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-19 12:04 . 2014-11-11 02:44        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-19 12:04 . 2014-11-11 02:44        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-18 17:42 . 2014-11-18 17:46        --------        d-----w-        C:\FRST
2014-11-16 21:08 . 2014-11-16 21:09        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2014-11-16 17:25 . 2014-11-16 17:25        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-11-16 17:25 . 2014-11-16 17:24        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-15 21:31 . 2014-11-15 21:31        --------        d-----w-        c:\programdata\Emsisoft
2014-11-15 19:04 . 2014-11-22 22:46        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2014-11-15 14:55 . 2014-11-15 14:55        0        ----a-w-        c:\windows\system32\REN193E.tmp
2014-11-15 14:55 . 2014-11-15 14:55        0        ----a-w-        c:\windows\system32\REN193D.tmp
2014-11-15 14:55 . 2014-11-15 14:55        0        ----a-w-        c:\windows\system32\REN193C.tmp
2014-11-15 14:55 . 2014-11-15 14:55        0        ----a-w-        c:\windows\SysWow64\RENC4A9.tmp
2014-11-15 14:55 . 2014-11-15 14:55        0        ----a-w-        c:\windows\SysWow64\RENC499.tmp
2014-11-15 14:55 . 2014-11-15 14:55        0        ----a-w-        c:\windows\SysWow64\RENC498.tmp
2014-11-15 14:22 . 2014-11-15 14:22        --------        d-----w-        c:\program files\McAfee Security Scan
2014-11-15 14:21 . 2014-11-15 14:22        --------        d-----w-        c:\programdata\McAfee Security Scan
2014-11-15 14:21 . 2014-11-15 14:21        --------        d-----w-        c:\programdata\McAfee
2014-11-15 14:13 . 2014-11-15 14:13        --------        d-----w-        c:\users\Cyrus Zeller\AppData\Roaming\Abelssoft
2014-11-15 14:13 . 2014-11-15 14:13        --------        d-----w-        c:\programdata\XDMessagingv4
2014-11-15 14:13 . 2011-03-25 18:42        338432        ----a-w-        c:\windows\SysWow64\sqlite36_engine.dll
2014-11-15 14:13 . 2014-11-15 14:13        --------        d-----w-        c:\users\Cyrus Zeller\AppData\Local\Abelssoft
2014-11-15 14:13 . 2011-05-13 10:16        493056        ----a-w-        c:\windows\SysWow64\dhRichClient3.dll
2014-11-15 14:13 . 2014-11-15 14:13        --------        d-----w-        c:\users\Cyrus Zeller\AppData\Roaming\Cliqz
2014-11-15 03:25 . 2014-11-15 03:25        0        ----a-w-        c:\windows\SysWow64\shoDA1E.tmp
2014-11-14 23:30 . 2014-11-14 23:30        --------        d-----w-        c:\program files (x86)\downloaditkeep
2014-11-14 23:28 . 2014-11-15 12:59        --------        d-----w-        c:\programdata\downloaditkeep
2014-11-14 23:28 . 2014-11-14 23:30        --------        d-----w-        c:\programdata\1cd6f3d5f6997293
2014-11-14 22:47 . 2014-11-14 22:47        --------        d-----w-        c:\programdata\WindowsMangerProtect
2014-11-14 22:43 . 2014-11-14 23:32        --------        d-----w-        c:\program files (x86)\9fa6574c-5405-418d-9390-94a8a0461326
2014-11-14 22:43 . 2014-11-15 16:50        --------        d-----w-        c:\program files (x86)\globalUpdate
2014-11-14 22:43 . 2014-11-14 22:43        --------        d-----w-        c:\users\Cyrus Zeller\AppData\Local\globalUpdate
2014-11-14 12:36 . 2014-11-22 22:48        --------        d-----r-        c:\users\Cyrus Zeller\Dropbox
2014-11-14 12:34 . 2014-11-22 22:48        --------        d-----w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox
2014-11-12 02:45 . 2014-11-06 03:12        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-12 02:44 . 2014-08-21 06:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2014-11-12 02:43 . 2014-09-19 09:42        309760        ----a-w-        c:\windows\system32\ncrypt.dll
2014-11-12 02:42 . 2014-10-18 02:05        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-11-12 02:42 . 2014-10-18 01:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-15 14:21 . 2013-03-14 19:56        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-15 14:21 . 2013-03-14 19:56        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 02:02 . 2013-03-17 11:47        103374192        ----a-w-        c:\windows\system32\MRT.exe
2014-10-30 11:25 . 2010-11-21 03:27        275080        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-25 02:08 . 2014-10-01 19:50        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 19:50        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-16 21:57 . 2014-01-24 12:54        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-23 18:15        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 18:15        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 10:41        424448        ----a-w-        c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 10:41        372736        ----a-w-        c:\windows\SysWow64\rastls.dll
2014-08-30 01:58 . 2010-06-24 09:33        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Akamai NetSession Interface"="c:\users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"GoogleChromeAutoLaunch_FD521468AF20D2427D07A216851C2D37"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-05-13 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-14 35419192]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-17 1083680]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-26 18:26        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 14:21]
.
2014-11-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job
- c:\users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-13 16:31]
.
2014-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job
- c:\users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-13 16:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-30 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-30 414744]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{049D7231-EB88-426C-894B-AD66A42FCDF3}\366746: DhcpNameServer = 10.10.202.1
FF - ProfilePath - c:\users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN11109573473801228&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-fst_nl_48 - (no file)
c:\users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk - c:\users\Cyrus Zeller\AppData\Roaming\Windows Net Data\net.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Windows Utils - c:\users\Cyrus Zeller\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-23  00:05:15
ComboFix-quarantined-files.txt  2014-11-22 23:05
.
Vor Suchlauf: 16 Verzeichnis(se), 231.309.332.480 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 230.806.876.160 Bytes frei
.
- - End Of File - - 719378B952D3D767BC98785B9FF25A5F

schrauber 23.11.2014 15:01
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

wurm44 03.12.2014 12:57
mbam.txt:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.12.2014
Suchlauf-Zeit: 22:30:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.12.01.07
Rootkit Datenbank: v2014.12.01.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Cyrus Zeller

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341184
Verstrichene Zeit: 23 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.DownloadItKeep.A, C:\ProgramData\downloaditkeep, In Quarantäne, [dfcced70cbb1c76f218a380931d24bb5],

Dateien: 11
PUP.Optional.SmartBar.A, C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage, In Quarantäne, [9912362796e6f93d0bc12f13b251817f],
PUP.Optional.LiveLyrics.A, C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [c8e3a1bc403c9f97c36380e87d8656aa],
PUP.Optional.LiveLyrics.A, C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [5a51ee6fc4b89f97c06622468f74bf41],
PUP.Optional.ReMarkable.A, C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, In Quarantäne, [c1ea7edfd6a6f343f21949747292ef11],
PUP.Optional.ReMarkable.A, C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, In Quarantäne, [f0bbd28bb2ca1b1bc843754857add030],
PUP.Optional.QuickStart.A, C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[703b9fbec0bce4528ca8cac97e87d729]
PUP.Optional.CrossRider.A, C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "140e9ddf9f24690e6a5842ddaaac21a2");), Ersetzt,[e5c63f1efc80e3534829108451b4718f]
PUP.Optional.Conduit.A, C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=");), Ersetzt,[e3c8cb92d5a773c386430c886c999967]
PUP.Optional.Conduit.A, C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN11109573473801228&UM=2&SearchSource=3&q={searchTerms}");), Ersetzt,[7635c8953d3f94a224b897fd897ccd33]
PUP.Optional.Conduit.A, C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3281675.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=");), Ersetzt,[317aaeaf582452e41ac32d670ef7738d]
PUP.Optional.Conduit.A, C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3281675.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=15&CUI=UN11109573473801228&SSPV=&Lay=1&UM=2\"}");), Ersetzt,[6249124bceaeff375893167e43c2e31d]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner.txt:

Code:
# AdwCleaner v4.103 - Bericht erstellt am 01/12/2014 um 23:57:49
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-01.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cyrus Zeller - CYRUS-LENOVO44
# Gestartet von : C:\Users\Cyrus Zeller\Desktop\AdwCleaner_4.103.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SearchProtect
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\1cd6f3d5f6997293
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\orbitdownloader
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Cyrus Zeller\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Cyrus Zeller\AppData\Roaming\SimpleFiles
Ordner Gelöscht : C:\Users\Cyrus Zeller\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Datei Gelöscht : C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\invalidprefs.js

***** [ Tasks ] *****

Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : GoforFilesUpdate
Task Gelöscht : Update Service SimpleFiles

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [shortcutff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKCU\Software\585388dae268ee10
Schlüssel Gelöscht : HKLM\SOFTWARE\585388dae268ee10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0051-B4B6-006094B9D64F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0054-B4B6-006094B9D64F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0057-B4B6-006094B9D64F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2b4f05d6-0e0b-4a74-a96c-c85693149e19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322902230}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344904430}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2b4f05d6-0e0b-4a74-a96c-c85693149e19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2b4f05d6-0e0b-4a74-a96c-c85693149e19}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Orbit
Schlüssel Gelöscht : HKCU\Software\SimpleFiles
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\superlyrics
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Orbit
Schlüssel Gelöscht : HKLM\SOFTWARE\SimpleFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 de)

[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000082.isPlayDisplay", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_TMP_city", "BERLIN");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_TMP_country", "DE");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_country", "GERMANY");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_locId", "GMXX0007");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_location", "Berlin, Germany");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_region", "DE");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_temp_dis", "c");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.TWC_wind_dis", "kmh");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"20?C\",\"temperatureClear\":\"20?C\",\"highTemperature\":\"20?C\",\"lowTemperature\":\"12?C\",\"feelsLike\":\"20?C\",[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.FF19Solved", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.FirstTime", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.FirstTimeFF3", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.PG_ENABLE.enc", "dHJ1ZQ==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.SF_JUST_INSTALLED.enc", "RkFMU0U=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.SF_STATUS.enc", "RU5BQkxFRA==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.SF_USER_ID.enc", "Y2lkXzI1NDIwMTMxNjEwMTk2OTgzMzIy");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.UserID", "UN11109573473801228");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.addressBarTakeOverEnabledInHidden", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.amazonNew_All.enc", "NDAwNTk2MSwzOTc4MzExLDQwMTE4NjEsMzk4NTQzMSwyMDEzMTE0bW5ZN2FKMGNRSkdHNERFM244MTZQUSwzNzc3MjQxLDQwMTM1NDEsMzg5NzAyMSwzOTY0MzcxLDM4MTQyMzEsNDAwNTAyMSw0MDA0OTUxLD[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.appButtonDisablenull.enc", "MA==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.autoDisableScopes", -1);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.browser.search.defaultthis.engineName", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.countryCode", "DE");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.defaultSearch", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.enableAlerts", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.enableFix404ByUser", "FALSE");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.enableSearchFromAddressBar", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.firstTimeDialogOpened", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.fixPageNotFoundError", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.fixPageNotFoundErrorByUser", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.fixPageNotFoundErrorInHidden", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.fixUrls", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.fullUserID", "UN11109573473801228.UP.20130625080230");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.homepageuserchanged", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.installDate", "24/4/2013 23:27:36");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.installId", "stub.exe");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.installType", "conduitnsisintegration");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.installUsage", "2013-04-25T17:10:11.9105484+03:00");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.installUsageEarly", "2013-04-25T17:10:10.6605164+03:00");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.installerVersion", "1.3.7.3");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.isCheckedStartAsHidden", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.isFirstTimeToolbarLoading", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.keyword", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=15&CUI=UN11109573473801228&SSPV=&Lay=1&UM=2\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.lastVersion", "10.20.0.513");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appStateReportTime.enc", "MTM2Njg5OTAxODExMw==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appState_CouponBuddy.enc", "b24=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appState_Easytobook.enc", "b24=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appState_Easytobook_targeted.enc", "b24=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appState_PriceGong.enc", "b24=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appState_WindowShopper.enc", "b24=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IldpbmRvd1Nob3BwZXIiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI2MTkzOWRmZS03OTg4LTQ1NTEtOGM1NC03MzRlOWMyYjQ1MzIiLCJkb21haW5[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_currentVersion.enc", "MS40LjQuNg==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_eventsCache.enc", "eyJjZmI0NWFhYy1kNmU2LTQ4NTYtODI4ZC00Y2E5N2ExOTkyN2EiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_first_time.enc", "MQ==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_gadgetOpen.enc", "MA==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_lastLoginTime.enc", "MTM2Njg5OTAxODExNQ==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.mam_gk_userId.enc", "MDkxYTk5ZjktOWY3YS00MjIwLTg4MmMtOWEwN2U0NThmNTBj");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.migrateAppsAndComponents", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://entrusted.OurToolbar.com/[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.openThankYouPage", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.openUninstallPage", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=&q=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.originalSearchEngine", "Web Search");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.price-gong.isManagedApp", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.revertSettingsEnabled", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.search.searchAppId", "130036105453116013");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.search.searchCount", "0");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.searchFromAddressBarEnabledByUser", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.searchInNewTabEnabledByUser", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.searchInNewTabEnabledInHidden", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.searchSuggestEnabledByUser", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.searchUserMode", "2");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3281675\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://entrusted.OurToolbar.com//xpi\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"entrusted \"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_Configuration_lastUpdate", "1387141210889");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366899010063");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_appsMetadata_lastUpdate", "1366899009938");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366899009848");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1366899008314");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1366899010638");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_location_lastUpdate", "1372103175434");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.15.2.23_lastUpdate", "1366906975482");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368180004898");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.16.1.521_lastUpdate", "1368459888737");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372103175266");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373317357772");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.16.7.524_lastUpdate", "1374618494836");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377036901347");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378637024936");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_login_10.20.0.513_lastUpdate", "1387210704019");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_menu_bfd1c71334f926ecd0bf043e0f822c7e_lastUpdate", "1366899010082");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366899009347");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_searchAPI_lastUpdate", "1387141210882");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_serviceMap_lastUpdate", "1387141210959");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366899009163");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_toolbarSettings_lastUpdate", "1387210700825");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.serviceLayer_services_translation_lastUpdate", "1387141210869");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.settingsINI", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.shouldFirstTimeDialog", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.showToolbarPermission", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.smartbar.CTID", "CT3281675");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.smartbar.Uninstall", "0");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.smartbar.homepage", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.smartbar.isHidden", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.smartbar.toolbarName", "entrusted ");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.startPage", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.toolbarBornServerTime", "25-4-2013");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.toolbarCurrentServerTime", "16-12-2013");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.toolbarDisabled", "true");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.toolbarLoginClientTime", "Thu Apr 25 2013 16:10:10 GMT+0200");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675.url_history0001.enc", "aHR0cDovL3d3dy5zcG94LmNvbS9kZS9zcG9ydC91c3Nwb3J0L25iYS8xMzA0L0FydGlrZWwvYW5hbHlzZS1va2xhaG9tYS1jaXR5LXRodW5kZXItYmVzaWVnZW4taG91c3Rvbi1yb2NrZXRzLWluLXNwaWVs[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387210699546,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN11109573473801228&UM=2&UP=SP96675DDE-912C-40A6-AB1D-E016A54F42AD");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281675");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119994&babsrc=HP_ss&mntrId=3EF37CE9D3F634F7");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "entrusted Customized Web Search");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN11109573473801228&UM=2&SearchSource=3&q={searchTerms}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.9Wabyl7YDpxKeSsq.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.backgroundjs", "\n\n/*****************************************************************************[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.cookie.previous_page.value", "%22hxxp%3A//www.mystartsearch.com/%3Ftype%3Dsc%26ts%3D1416005213%26f[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.js", "\n\n  /************************************************************************************\[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_119.code", "appAPI.internal.monetization = appAPI.internal.monetization  {};\nif [...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_13.name", "CrossriderAppUtils");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_14.name", "CrossriderUtils");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!==true)&&(typeof _[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_78.name", "CrossriderInfo");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_91.code", "(function(K){var y=[].slice;var x={};var a=function(ap){if(typeof ap==\"[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "140e9ddf9f24690e6a5842ddaaac21a2");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "3ef3fd2a0000000000007ce9d3f634f7");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15994");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.623:45:08");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120524&tsp=5037");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Country", "DE");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22814692);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.UserID", "CountryISO");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "a10c3e8d-136b-47a6-95c8-1afed96cecfc");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "04/04/2013");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "quickobrw");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.admin", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.id", "3ef3fd2a0000000000007ce9d3f634f7");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.instlDay", "15994");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "base");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.25.0");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.25.022:56:08");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.25.0");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("extentions.y2layers.installId", "e82307a9-6a5e-41ba-9a86-25cb46960537");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3281675");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN11109573473801228&UM=2&UP=SP96675DDE-912C-40A6-AB1D-E016A54F42AD,hxxp://searc[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN11109573473801228&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3281675");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.machineId", "A7RHYFOYO1SDCDA53E9L2YFM+DNEJESFF++XKCSCFCB+ZIE4EB1V0BUXYHBYAC+CMAETZQX2PV2BXO2AN+XRRA");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN11109573473801228&UM=2&UP=SP96675DDE-912C-40A6-AB1D-E016A54F42AD");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.originalSearchAddressUrl", "");
[nmfhvxzu.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.originalSearchEngine", "");

-\\ Google Chrome v35.0.1916.114

[C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3EF37CE9D3F634F7&affID=120524&tsp=5037
[C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1402592685&from=wpm0612&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
[C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
[C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416005213&from=ild&uid=WDCXWD3200BEKT-08PVMT1_WD-WX61C32S2161S2161&q={searchTerms}
[C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

*************************

AdwCleaner[R0].txt - [47652 octets] - [01/12/2014 23:53:10]
AdwCleaner[S0].txt - [49658 octets] - [01/12/2014 23:57:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [49719 octets] ##########


JRT.txt:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cyrus Zeller on 03.12.2014 at 12:45:30,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Cyrus Zeller\appdata\local\{12C7E109-303F-4DD8-A6E4-98E5B701045A}
Successfully deleted: [Empty Folder] C:\Users\Cyrus Zeller\appdata\local\{2B668B1D-B845-4E85-A15B-84C1165E9D75}
Successfully deleted: [Empty Folder] C:\Users\Cyrus Zeller\appdata\local\{72B48CB0-57BC-48D0-8793-BF6DC8546B21}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Cyrus Zeller\AppData\Roaming\mozilla\firefox\profiles\nmfhvxzu.default\smartbar
Emptied folder: C:\Users\Cyrus Zeller\AppData\Roaming\mozilla\firefox\profiles\nmfhvxzu.default\minidumps [213 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2014 at 12:50:04,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014 (ATTENTION: ====> FRST version is 16 days old and could be outdated)
Ran by Cyrus Zeller (administrator) on CYRUS-LENOVO44 on 03-12-2014 12:52:14
Running from C:\Users\Cyrus Zeller\Desktop
Loaded Profile: Cyrus Zeller (Available profiles: Cyrus Zeller)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Thisisu) C:\Users\Cyrus Zeller\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [GoogleChromeAutoLaunch_FD521468AF20D2427D07A216851C2D37] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3413402405-1960818121-2446029348-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cyrus Zeller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\google-maps.xml
FF Extension: entrusted  - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2013-09-11]
FF Extension: FoxyDeal - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-09-04]
FF Extension: NoScript - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-28]
FF Extension: Adblock Plus - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-03]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-04]
CHR Extension: (AdBlock) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-15]
CHR Extension: (Google Wallet) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-31] (Duplex Secure Ltd.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 12:52 - 2014-12-03 12:52 - 00020239 _____ () C:\Users\Cyrus Zeller\Desktop\FRST.txt
2014-12-03 12:50 - 2014-12-03 12:50 - 00001460 _____ () C:\Users\Cyrus Zeller\Desktop\JRT.txt
2014-12-03 12:45 - 2014-12-03 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-12-03 00:29 - 2014-12-03 00:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-03 00:24 - 2014-12-03 00:24 - 01707646 _____ (Thisisu) C:\Users\Cyrus Zeller\Desktop\JRT.exe
2014-12-02 00:06 - 2014-12-02 00:06 - 00050052 _____ () C:\Users\Cyrus Zeller\Desktop\AdwCleaner[S0].txt
2014-12-01 23:52 - 2014-12-01 23:58 - 00000000 ____D () C:\AdwCleaner
2014-12-01 22:31 - 2014-12-01 22:31 - 02154496 _____ () C:\Users\Cyrus Zeller\Desktop\AdwCleaner_4.103.exe
2014-11-26 23:57 - 2014-11-26 23:57 - 00076085 _____ () C:\Users\Cyrus Zeller\Desktop\sahba ethik.odt
2014-11-25 16:26 - 2014-11-25 16:26 - 02148864 _____ () C:\Users\Cyrus Zeller\Desktop\AdwCleaner_4.102.exe
2014-11-25 16:25 - 2014-12-01 23:41 - 00004258 _____ () C:\Users\Cyrus Zeller\Desktop\mbam.txt
2014-11-24 17:27 - 2014-12-03 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 17:27 - 2014-11-24 17:27 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 17:27 - 2014-11-24 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 17:27 - 2014-11-24 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 17:27 - 2014-11-24 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 17:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 17:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 17:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 17:25 - 2014-11-24 17:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Cyrus Zeller\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-23 00:05 - 2014-11-23 00:05 - 00053364 _____ () C:\ComboFix.txt
2014-11-22 23:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-22 23:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-22 23:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-22 23:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-22 23:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-22 23:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-22 23:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-22 23:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-22 21:07 - 2014-11-23 00:05 - 00000000 ____D () C:\Qoobox
2014-11-22 21:06 - 2014-11-23 00:04 - 00000000 ____D () C:\Windows\erdnt
2014-11-21 08:11 - 2014-11-21 08:11 - 00001227 _____ () C:\Users\Public\Desktop\SAP Logon.lnk
2014-11-20 22:55 - 2014-11-20 22:55 - 05598306 ____R (Swearware) C:\Users\Cyrus Zeller\Desktop\ComboFix.exe
2014-11-20 17:38 - 2014-11-20 17:38 - 00001279 _____ () C:\Users\Cyrus Zeller\Desktop\Revo Uninstaller.lnk
2014-11-20 17:38 - 2014-11-20 17:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-20 17:36 - 2014-11-20 17:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Cyrus Zeller\Desktop\revosetup95.exe
2014-11-19 13:04 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:04 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:04 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:04 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:42 - 2014-12-03 12:52 - 00000000 ____D () C:\FRST
2014-11-18 18:41 - 2014-11-18 18:41 - 02117120 _____ (Farbar) C:\Users\Cyrus Zeller\Desktop\FRST64.exe
2014-11-17 17:06 - 2014-12-02 00:00 - 00112314 _____ () C:\Windows\PFRO.log
2014-11-16 22:09 - 2014-11-16 22:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-16 22:09 - 2014-11-16 22:09 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-16 22:08 - 2014-11-16 22:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-16 21:05 - 2014-12-03 12:37 - 00003541 _____ () C:\Windows\setupact.log
2014-11-16 21:05 - 2014-11-16 21:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-16 18:25 - 2014-11-16 18:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-15 22:31 - 2014-11-15 22:31 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-11-15 22:26 - 2014-11-16 17:52 - 00002210 _____ () C:\EamClean.log
2014-11-15 20:04 - 2014-11-22 23:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-15 20:04 - 2014-11-22 21:22 - 00000000 ____D () C:\Users\Cyrus Zeller\Documents\Anti-Malware
2014-11-15 20:01 - 2014-11-15 20:03 - 232169488 _____ (Emsisoft GmbH ) C:\Users\Cyrus Zeller\Desktop\EmsisoftAntiMalwareSetup_solvusoft.exe
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\SysWOW64\RENC4A9.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\SysWOW64\RENC499.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\SysWOW64\RENC498.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\system32\REN193E.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\system32\REN193D.tmp
2014-11-15 15:55 - 2014-11-15 15:55 - 00000000 _____ () C:\Windows\system32\REN193C.tmp
2014-11-15 15:22 - 2014-11-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-11-15 15:22 - 2014-11-15 15:22 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-15 15:21 - 2014-11-15 15:22 - 00001942 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-11-15 15:21 - 2014-11-15 15:22 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-11-15 15:21 - 2014-11-15 15:21 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Cliqz
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Abelssoft
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Abelssoft
2014-11-15 15:13 - 2014-11-15 15:13 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-11-15 15:13 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-15 15:13 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-15 15:12 - 2014-11-15 15:13 - 13485202 _____ () C:\Users\Cyrus Zeller\Downloads\hitmanpro379.zip
2014-11-15 15:11 - 2014-11-15 15:11 - 01125200 _____ () C:\Users\Cyrus Zeller\Desktop\Hitman Pro - CHIP-Installer.exe
2014-11-15 04:25 - 2014-11-15 04:25 - 00000000 _____ () C:\Windows\SysWOW64\shoDA1E.tmp
2014-11-15 00:30 - 2014-11-15 00:30 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-14 23:43 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files (x86)\9fa6574c-5405-418d-9390-94a8a0461326
2014-11-14 23:41 - 2014-11-14 23:42 - 00071608 _____ () C:\Users\Cyrus Zeller\Downloads\HDVidCodec.exe
2014-11-14 13:36 - 2014-12-03 12:39 - 00000000 ___RD () C:\Users\Cyrus Zeller\Dropbox
2014-11-14 13:36 - 2014-11-14 13:36 - 00001064 _____ () C:\Users\Cyrus Zeller\Desktop\Dropbox.lnk
2014-11-14 13:35 - 2014-11-14 13:35 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 13:34 - 2014-12-03 12:39 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox
2014-11-14 13:33 - 2014-11-14 13:33 - 00323712 _____ (Dropbox, Inc.) C:\Users\Cyrus Zeller\Desktop\DropboxInstaller.exe
2014-11-12 03:46 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 03:46 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 03:46 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 03:46 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 03:46 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 03:46 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 03:46 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 03:46 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 03:46 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 03:46 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 03:46 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 03:46 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 03:46 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 03:46 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 03:45 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 03:45 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 03:45 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 03:45 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 03:45 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 03:45 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 03:45 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 03:45 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 03:45 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 03:45 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 03:45 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 03:45 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 03:45 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 03:45 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 03:45 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 03:45 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 03:45 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 03:45 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 03:45 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 03:45 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 03:45 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 03:45 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 03:45 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 03:45 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 03:45 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 03:45 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 03:45 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 03:45 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 03:45 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 03:45 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 03:45 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 03:45 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 03:45 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 03:45 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 03:45 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 03:45 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 03:45 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 03:45 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 03:45 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 03:45 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 03:45 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 03:45 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 03:45 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 03:45 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 03:45 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 03:45 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 03:45 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 03:45 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 03:45 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 03:45 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 03:45 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 03:45 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 03:45 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 03:45 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 03:45 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 03:45 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 03:44 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 03:44 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:44 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 03:44 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 03:44 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 03:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 03:44 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:44 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 03:44 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 03:44 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 03:44 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 03:44 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 03:43 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:43 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 03:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 03:43 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 03:43 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 03:43 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 03:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 03:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-04 15:10 - 2014-11-04 15:12 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Sahbas zeug

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 12:44 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 12:44 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 12:42 - 2013-03-14 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 12:40 - 2012-08-11 16:51 - 01564063 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 12:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 03:36 - 2014-05-13 17:31 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job
2014-12-03 03:30 - 2013-03-14 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 00:28 - 2014-05-13 17:31 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job
2014-12-01 23:57 - 2013-03-14 20:25 - 00001076 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-01 23:57 - 2013-03-14 20:25 - 00001064 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-01 23:57 - 2013-03-14 16:19 - 00001020 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-01 23:57 - 2012-08-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-27 14:32 - 2012-08-12 02:34 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-11-27 14:32 - 2012-08-12 02:34 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-11-27 14:32 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 23:30 - 2013-03-14 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 23:30 - 2013-03-14 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 23:30 - 2013-03-14 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 16:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-11-24 23:45 - 2013-05-15 21:17 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Studium
2014-11-23 00:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-21 08:11 - 2014-10-23 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
2014-11-20 23:10 - 2014-10-23 15:08 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\SAP
2014-11-20 18:14 - 2013-04-03 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles
2014-11-20 17:37 - 2013-04-07 20:04 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Musik
2014-11-16 23:57 - 2012-08-11 17:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-16 23:56 - 2013-03-14 16:37 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Adobe
2014-11-16 22:10 - 2013-03-25 12:29 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Adobe
2014-11-16 18:25 - 2014-10-11 13:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-16 18:25 - 2014-10-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 22:27 - 2009-07-14 05:45 - 00351440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 15:57 - 2014-05-31 03:11 - 00638888 _____ (Oracle Corporation) C:\Users\Cyrus Zeller\Desktop\jxpiinstall.exe
2014-11-15 15:55 - 2012-08-11 17:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 15:55 - 2012-08-11 17:14 - 00000000 ____D () C:\Program Files\Java
2014-11-15 15:54 - 2014-10-11 13:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-15 15:54 - 2014-10-11 13:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-15 15:54 - 2014-10-11 13:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-15 15:54 - 2014-10-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-11-15 15:27 - 2013-04-05 22:26 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\CrashDumps
2014-11-15 15:27 - 2011-02-15 10:42 - 00000000 ____D () C:\Windows\Panther
2014-11-15 15:13 - 2013-03-14 16:16 - 00087168 _____ () C:\Users\Cyrus Zeller\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 16:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 15:16 - 2013-03-14 22:49 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-11-14 13:36 - 2013-03-14 16:15 - 00000000 ____D () C:\Users\Cyrus Zeller
2014-11-14 09:44 - 2014-05-21 16:38 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Akamai
2014-11-13 15:14 - 2014-05-07 00:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:09 - 2013-07-12 01:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:02 - 2013-03-17 12:47 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Cyrus Zeller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqaveg.dll
C:\Users\Cyrus Zeller\AppData\Local\Temp\NativeUtilities-x86-0.dll
C:\Users\Cyrus Zeller\AppData\Local\Temp\Quarantine.exe
C:\Users\Cyrus Zeller\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 16:10

==================== End Of Log ============================
--- --- ---

schrauber 04.12.2014 09:51

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

wurm44 28.12.2014 01:07
Hey sry das ich erst so spät antworte aber hatte einiges um die Ohren und mit meinem Notebook lässt sich schon auch arbeiten aber immer noch ziemlich langsam, was mir vor allem das anschauen von Videos erschwert. Dazu erscheint auch immer noch unsinnige Werbung...

Also hier erstmal das logfile vom Eset Scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=05fcd3c57024d240ab2b416e88cf86e3
# engine=21725
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-27 09:51:37
# local_time=2014-12-27 10:51:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8483446 42697491 0 0
# scanned=182806
# found=39
# cleaned=39
# scan_time=4073
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="Variante von Win32/Adware.Yontoo.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=B5BB0DA729529768DE7593120BBBF493891E2207 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj\186\Tzw.js.vir"
sh=2EB27EED71BA24E15A28500F36D1A765862C159F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndcoaehegapnjkdjdilmcdkcncjjaai\1.4\kWdSGAJJY.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js.vir"
sh=91A6607DBD508E202138D84D346DE82921F06C9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js.vir"
sh=5C5A008E55F177D6F69D40492574390E4EADCF7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=2CAA8A9B9F1D7D41CAD7CD1DE9C253EF4411A15E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js.vir"
sh=4E356A3537E9A4B3814169EBE549D1C2AB3EC78F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js.vir"
sh=9200578E0A1027E0EE00111B9545601BC953C1A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=6BDB7728D7BB9ABD31543CC08C8C1D94EEF57E84 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\uH54@ol5OC.edu\content\bg.js.vir"
sh=59B75674AAEF50E83C61888F1273DDB29AE57E5F ft=1 fh=5ce9675199bc82b0 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=7347094BB7355D843C3B590B6944158EF33010C2 ft=1 fh=d6498a4cb5105e4e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}\Plugins\npConduitFirefoxPlugin.dll"
sh=08608454866D03305FD21AA04E405ABD37CD33D5 ft=1 fh=27705230a7c01f6c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\Downloads\avg-anti-virus-free-2013-0-2897.exe"
sh=3F1E40FDB1B3A340CEB69741B945D932C5BC1DF3 ft=1 fh=3af429c7a855eb2d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\Downloads\CCleaner - CHIP-Downloader.exe"
sh=B4A1633EB14523596976601429C7DBA53A52787E ft=1 fh=18b2bbd96249e1bb vn="NSIS/TrojanDownloader.Adload.AC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\Downloads\HDVidCodec.exe"
sh=A81C68264A18B8D43557E868B953330F452A7611 ft=1 fh=f90b8d2e5e75e9d2 vn="MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\Downloads\Smartbar.Installer.Mini (1).exe"
sh=A81C68264A18B8D43557E868B953330F452A7611 ft=1 fh=f90b8d2e5e75e9d2 vn="MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\Downloads\Smartbar.Installer.Mini (2).exe"
sh=A81C68264A18B8D43557E868B953330F452A7611 ft=1 fh=f90b8d2e5e75e9d2 vn="MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Cyrus Zeller\Downloads\Smartbar.Installer.Mini.exe"
checkup.txt

Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 AVG PC TuneUp Language Pack (de-DE)
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (34.0)
 Google Chrome 34.0.1847.137 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Frst.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Cyrus Zeller (administrator) on CYRUS-LENOVO44 on 28-12-2014 01:04:49
Running from C:\Users\Cyrus Zeller\Desktop
Loaded Profile: Cyrus Zeller (Available profiles: Cyrus Zeller)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [GoogleChromeAutoLaunch_FD521468AF20D2427D07A216851C2D37] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3413402405-1960818121-2446029348-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cyrus Zeller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\searchplugins\google-maps.xml
FF Extension: entrusted  - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd} [2013-09-11]
FF Extension: FoxyDeal - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-09-04]
FF Extension: NoScript - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-28]
FF Extension: Adblock Plus - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-03]
FF HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\nmfhvxzu.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-04]
CHR Extension: (AdBlock) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-15]
CHR Extension: (Google Wallet) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-31] (Duplex Secure Ltd.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 01:04 - 2014-12-28 01:04 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\FRST-OlderVersion
2014-12-28 00:59 - 2014-12-28 00:59 - 00852505 _____ () C:\Users\Cyrus Zeller\Desktop\SecurityCheck.exe
2014-12-27 21:30 - 2014-12-27 21:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-26 23:52 - 2014-12-26 23:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 00:48 - 2014-12-19 00:48 - 00000000 _____ () C:\Windows\SysWOW64\sho34A4.tmp
2014-12-18 02:20 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 02:20 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Cisco
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-17 00:36 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-16 09:58 - 2014-12-16 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-12-16 09:49 - 2014-12-16 09:59 - 00000000 ____D () C:\xampp
2014-12-16 09:45 - 2014-12-16 09:48 - 150905704 _____ (Bitnami) C:\Users\Cyrus Zeller\Desktop\xampp-win32-5.6.3-0-VC11-installer.exe
2014-12-16 09:44 - 2014-12-16 09:48 - 150398704 _____ (Bitnami) C:\Users\Cyrus Zeller\Desktop\xampp-win32-5.5.19-0-VC11-installer.exe
2014-12-12 13:39 - 2014-12-12 13:39 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 13:11 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 13:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 19:54 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 19:54 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 19:54 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 19:54 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 19:54 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 19:54 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 19:54 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 19:54 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 19:54 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 19:54 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 19:54 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 19:54 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 19:54 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 19:54 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 19:54 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 19:54 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 19:54 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 19:54 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 19:54 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 19:54 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 19:54 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 19:54 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 19:54 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 19:54 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 19:54 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 19:54 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 19:54 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:54 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 19:54 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 19:54 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 19:54 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 19:54 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 19:54 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 19:54 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 19:54 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 19:54 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 19:54 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 19:54 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 19:54 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 19:54 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 19:54 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 19:54 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 19:54 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 19:54 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 19:54 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 19:54 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 19:54 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 19:54 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 19:54 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 19:54 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 19:54 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 19:54 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 19:54 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 19:53 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 19:53 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 19:53 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 19:53 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 19:53 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 19:53 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 19:53 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 19:53 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 19:53 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 19:28 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 19:28 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 19:28 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 19:28 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 19:28 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 19:28 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 19:28 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 19:28 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 19:28 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 19:28 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 19:28 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 19:28 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 19:16 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:16 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 19:15 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 19:10 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 19:10 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-08 00:28 - 2014-12-08 00:28 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-08 00:28 - 2014-12-08 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-05 15:52 - 2014-12-05 15:52 - 02347384 _____ (ESET) C:\Users\Cyrus Zeller\Desktop\esetsmartinstaller_deu.exe
2014-12-05 12:28 - 2014-12-25 00:54 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-03 12:53 - 2014-12-03 12:53 - 00025920 _____ () C:\Users\Cyrus Zeller\Desktop\Addition.txt
2014-12-03 12:52 - 2014-12-28 01:04 - 00020999 _____ () C:\Users\Cyrus Zeller\Desktop\FRST.txt
2014-12-03 12:50 - 2014-12-03 12:50 - 00001460 _____ () C:\Users\Cyrus Zeller\Desktop\JRT.txt
2014-12-03 12:45 - 2014-12-03 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-12-03 00:29 - 2014-12-03 00:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-03 00:24 - 2014-12-03 00:24 - 01707646 _____ (Thisisu) C:\Users\Cyrus Zeller\Desktop\JRT.exe
2014-12-02 00:06 - 2014-12-02 00:06 - 00050052 _____ () C:\Users\Cyrus Zeller\Desktop\AdwCleaner[S0].txt
2014-12-01 23:52 - 2014-12-01 23:58 - 00000000 ____D () C:\AdwCleaner
2014-12-01 22:31 - 2014-12-01 22:31 - 02154496 _____ () C:\Users\Cyrus Zeller\Desktop\AdwCleaner_4.103.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 01:04 - 2014-11-18 18:42 - 00000000 ____D () C:\FRST
2014-12-28 01:04 - 2014-11-18 18:41 - 02122752 _____ (Farbar) C:\Users\Cyrus Zeller\Desktop\FRST64.exe
2014-12-28 00:51 - 2014-05-13 17:31 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job
2014-12-28 00:51 - 2013-03-14 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 00:51 - 2012-08-11 16:51 - 01073675 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 21:29 - 2014-05-13 17:31 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job
2014-12-27 21:23 - 2014-11-16 21:05 - 00006957 _____ () C:\Windows\setupact.log
2014-12-27 21:22 - 2014-11-24 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 15:27 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 15:27 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 15:20 - 2014-11-14 13:36 - 00000000 ___RD () C:\Users\Cyrus Zeller\Dropbox
2014-12-27 15:20 - 2014-11-14 13:34 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox
2014-12-27 15:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 23:15 - 2014-11-24 17:27 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 23:15 - 2014-11-24 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 23:15 - 2014-11-24 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 00:37 - 2012-08-11 16:58 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-16 09:45 - 2014-11-14 13:36 - 00001056 _____ () C:\Users\Cyrus Zeller\Desktop\Dropbox.lnk
2014-12-16 09:45 - 2014-11-14 13:35 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 14:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 13:39 - 2014-05-07 00:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 13:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 13:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 13:23 - 2013-07-12 01:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 13:13 - 2013-03-17 12:47 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 18:36 - 2014-11-16 22:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 18:30 - 2013-03-14 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:30 - 2013-03-14 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 18:30 - 2013-03-14 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 12:16 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-08 03:29 - 2013-09-24 15:10 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Skype
2014-12-08 00:29 - 2013-09-24 15:10 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 00:28 - 2014-08-15 23:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-04 19:45 - 2013-03-14 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 00:00 - 2014-11-17 17:06 - 00112314 _____ () C:\Windows\PFRO.log
2014-12-01 23:57 - 2013-03-14 20:25 - 00001076 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-01 23:57 - 2013-03-14 20:25 - 00001064 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-01 23:57 - 2013-03-14 16:19 - 00001020 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-01 23:57 - 2012-08-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-01 23:41 - 2014-11-25 16:25 - 00004258 _____ () C:\Users\Cyrus Zeller\Desktop\mbam.txt

Some content of TEMP:
====================
C:\Users\Cyrus Zeller\AppData\Local\Temp\20141217123638489jniverify.dll
C:\Users\Cyrus Zeller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzij1ps.dll
C:\Users\Cyrus Zeller\AppData\Local\Temp\NativeUtilities-x86-0.dll
C:\Users\Cyrus Zeller\AppData\Local\Temp\Quarantine.exe
C:\Users\Cyrus Zeller\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cyrus Zeller\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 23:15

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 28.12.2014 18:05
Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de




Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Java und Flash updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte. Noch Probleme? Wenn ja, in welchem Browser?

wurm44 11.01.2015 03:57
Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by Cyrus Zeller at 2015-01-11 03:43:31 Run:1
Running from C:\Users\Cyrus Zeller\Downloads
Loaded Profiles: Cyrus Zeller &  (Available profiles: Cyrus Zeller)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 841.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 03:44:53 ====

Frst.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Cyrus Zeller (administrator) on CYRUS-LENOVO44 on 11-01-2015 03:54:29
Running from C:\Users\Cyrus Zeller\Downloads
Loaded Profiles: Cyrus Zeller &  (Available profiles: Cyrus Zeller)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Cyrus Zeller\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
SearchScopes: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_de___DE527
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cyrus Zeller\AppData\Roaming\Mozilla\Firefox\Profiles\rjsqvdt3.default-1420934699974
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3413402405-1960818121-2446029348-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cyrus Zeller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cyrus Zeller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR Profile: C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
CHR Extension: (Google-Suche) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
CHR Extension: (Google Tabellen) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
CHR Extension: (Google Wallet) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
CHR Extension: (Google Mail) - C:\Users\Cyrus Zeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-31] (Duplex Secure Ltd.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 03:54 - 2015-01-11 03:55 - 00023117 _____ () C:\Users\Cyrus Zeller\Downloads\FRST.txt
2015-01-11 03:40 - 2015-01-11 03:40 - 02124288 _____ (Farbar) C:\Users\Cyrus Zeller\Downloads\FRST64.exe
2015-01-11 01:41 - 2015-01-11 03:24 - 00027500 _____ () C:\Users\Cyrus Zeller\Desktop\internetworking-referat.odt
2015-01-11 01:05 - 2015-01-11 01:05 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Alte Firefox-Daten
2015-01-11 00:59 - 2015-01-11 00:59 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-11 00:59 - 2015-01-11 00:59 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-11 00:59 - 2015-01-11 00:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-11 00:59 - 2015-01-11 00:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-11 00:54 - 2015-01-11 00:56 - 39441776 _____ () C:\Users\Cyrus Zeller\Downloads\Firefox_Setup_de34.0.5.exe
2015-01-11 00:37 - 2015-01-11 00:37 - 00072814 _____ () C:\Users\Cyrus Zeller\Desktop\bookmarks.html
2015-01-11 00:25 - 2015-01-11 03:54 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 00:25 - 2015-01-11 03:49 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-11 00:25 - 2015-01-11 03:49 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-11 00:25 - 2015-01-11 03:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 00:25 - 2015-01-11 00:25 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 00:25 - 2015-01-11 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-11 00:17 - 2015-01-11 00:20 - 42184784 _____ (Google Inc.) C:\Users\Cyrus Zeller\Desktop\ChromeStandaloneSetup.exe
2015-01-11 00:14 - 2015-01-11 00:14 - 00000000 __SHD () C:\Users\Cyrus Zeller\AppData\Local\EmieBrowserModeList
2015-01-08 04:57 - 2015-01-08 04:57 - 00000000 _____ () C:\Windows\SysWOW64\sho9E.tmp
2015-01-07 14:26 - 2015-01-07 14:27 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\{32072E89-7EFE-4378-BA98-16C857CC5AC9}
2015-01-07 14:24 - 2015-01-07 14:24 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\{EC4DA308-762D-4F2A-8831-FA19A217830C}
2015-01-07 14:23 - 2015-01-07 14:23 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\{1E3EDEA6-D050-40AC-9A55-8D22BE3E99C1}
2015-01-07 14:22 - 2015-01-07 14:22 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Windows Live
2015-01-07 14:21 - 2015-01-07 14:22 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\{D07E9DC1-1522-4C2E-9E88-25808A44AE5E}
2015-01-06 13:42 - 2015-01-06 13:46 - 00758674 _____ () C:\Users\Cyrus Zeller\Downloads\GFS 1.odp
2015-01-06 01:21 - 2015-01-06 01:21 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-12-31 00:54 - 2014-12-31 00:55 - 00076224 _____ () C:\Users\Cyrus Zeller\Downloads\FLVPlayer-Chrome.exe
2014-12-28 01:41 - 2014-12-28 01:57 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\htc-one
2014-12-28 00:59 - 2014-12-28 00:59 - 00852505 _____ () C:\Users\Cyrus Zeller\Desktop\SecurityCheck.exe
2014-12-26 23:52 - 2014-12-26 23:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 00:48 - 2014-12-19 00:48 - 00000000 _____ () C:\Windows\SysWOW64\sho34A4.tmp
2014-12-18 02:20 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 02:20 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Cisco
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-12-17 00:36 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Cisco
2014-12-16 09:58 - 2014-12-16 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-12-16 09:49 - 2014-12-16 09:59 - 00000000 ____D () C:\xampp
2014-12-16 09:45 - 2014-12-16 09:48 - 150905704 _____ (Bitnami) C:\Users\Cyrus Zeller\Desktop\xampp-win32-5.6.3-0-VC11-installer.exe
2014-12-16 09:44 - 2014-12-16 09:48 - 150398704 _____ (Bitnami) C:\Users\Cyrus Zeller\Desktop\xampp-win32-5.5.19-0-VC11-installer.exe
2014-12-12 13:39 - 2014-12-12 13:39 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 13:11 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 13:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 03:54 - 2014-11-18 18:42 - 00000000 ____D () C:\FRST
2015-01-11 03:54 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 03:54 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 03:51 - 2014-11-24 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 03:51 - 2012-08-11 16:51 - 01678754 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 03:49 - 2014-11-14 13:36 - 00000000 ___RD () C:\Users\Cyrus Zeller\Dropbox
2015-01-11 03:49 - 2014-11-14 13:34 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox
2015-01-11 03:47 - 2014-12-05 12:28 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-11 03:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 03:46 - 2014-11-17 17:06 - 00114914 _____ () C:\Windows\PFRO.log
2015-01-11 03:46 - 2014-11-16 21:05 - 00008581 _____ () C:\Windows\setupact.log
2015-01-11 03:43 - 2013-04-05 22:26 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\CrashDumps
2015-01-11 03:43 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-11 03:36 - 2014-05-13 17:31 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job
2015-01-11 03:30 - 2013-03-14 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 00:25 - 2013-03-14 16:19 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Local\Google
2015-01-11 00:25 - 2012-08-11 17:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-11 00:11 - 2014-11-20 17:38 - 00001279 _____ () C:\Users\Cyrus Zeller\Desktop\Revo Uninstaller.lnk
2015-01-11 00:11 - 2014-11-20 17:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-11 00:10 - 2014-11-20 17:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Cyrus Zeller\Desktop\revosetup95.exe
2015-01-10 22:10 - 2014-09-13 15:13 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Bewerbungen
2015-01-10 18:36 - 2014-05-13 17:31 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job
2015-01-07 14:20 - 2012-08-12 02:34 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-01-07 14:20 - 2012-08-12 02:34 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-01-07 14:20 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 02:17 - 2013-04-16 19:15 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\SoftGrid Client
2015-01-06 22:44 - 2014-08-12 23:05 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Filme
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 03:03 - 2013-04-07 20:04 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Musik
2014-12-28 01:16 - 2013-05-15 21:17 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Studium
2014-12-28 01:15 - 2014-11-04 15:10 - 00000000 ____D () C:\Users\Cyrus Zeller\Desktop\Sahbas zeug
2014-12-28 01:09 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-28 01:04 - 2014-11-18 18:41 - 02122752 _____ (Farbar) C:\Users\Cyrus Zeller\Desktop\FRST64.exe
2014-12-19 23:15 - 2014-11-24 17:27 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 23:15 - 2014-11-24 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 23:15 - 2014-11-24 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 00:37 - 2012-08-11 16:58 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-12-16 09:45 - 2014-11-14 13:36 - 00001056 _____ () C:\Users\Cyrus Zeller\Desktop\Dropbox.lnk
2014-12-16 09:45 - 2014-11-14 13:35 - 00000000 ____D () C:\Users\Cyrus Zeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 14:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 13:39 - 2014-05-07 00:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 13:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 13:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 13:23 - 2013-07-12 01:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 13:13 - 2013-03-17 12:47 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Cyrus Zeller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpclwvmv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:12

==================== End Of Log ============================
--- --- ---



Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Cyrus Zeller at 2015-01-11 03:55:28
Running from C:\Users\Cyrus Zeller\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
AVG PC TuneUp Language Pack (de-DE) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MX370 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX370_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 5.3 (HKLM-x32\...\Cisco Packet Tracer 5.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H2 (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\H2) (Version:  - )
H2 (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\H2) (Version:  - )
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-3413402405-1960818121-2446029348-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
olsr.org (HKLM-x32\...\olsr.org) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
SAP GUI for Windows 7.30 (Patch 8 Hotfix 1) (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
yEd Graph Editor 3.12.2 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.12.2 - yWorks GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3413402405-1960818121-2446029348-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-12-2014 17:17:21 Windows Update
30-12-2014 22:22:04 Windows Update
04-01-2015 18:20:52 Windows Update
08-01-2015 15:17:17 Windows Update
11-01-2015 00:13:04 Revo Uninstaller's restore point - Google Chrome
11-01-2015 00:43:20 Revo Uninstaller's restore point - Mozilla Firefox 34.0 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-23 00:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {078C864A-EFB2-42D7-8BC3-75E2AA6E1267} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {42E3C1AE-9668-4DA5-8121-0A411EC03627} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {43680D5A-8C4E-42B5-B730-2A6F78091B4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {6B806626-9D80-4527-AD1B-E4666A6AC017} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {6EC7E7DE-2C67-442A-B130-0B61F60A2DBF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-13] (Facebook Inc.)
Task: {87FC2DA5-0BB6-4825-B305-7AF8F47B9BA8} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {943B3EE6-1512-4660-96DE-4FB570B1E5CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {98D18B77-816A-4F06-847B-77DEA59425B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-11] (Google Inc.)
Task: {9941840C-EE03-495A-A114-1CCFEB6C5E43} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {995185A4-5208-4943-9470-4314C1694228} - System32\Tasks\{43880B18-2CD1-4146-AD97-E875540BF46B} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {9C640DAD-E324-43A0-AE9C-61A0DA89B58A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {B8CFBCF4-FEEA-4BF7-B420-7C65FC4AD3AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E1ABAC4F-A34F-436D-A61A-17D0BCE1C416} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-13] (Facebook Inc.)
Task: {E2048021-54F2-4EA8-BB7E-F7A889D78C2D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {EE8542D3-6C95-4AAC-9FED-DCEAFCA7B187} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {F5D7AADB-ED6F-454D-9EBA-0ECFDF1D8A8A} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001Core.job => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3413402405-1960818121-2446029348-1001UA.job => C:\Users\Cyrus Zeller\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-11 17:03 - 2010-08-24 19:30 - 00047616 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2010-02-17 22:26 - 2010-02-17 22:26 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-08-12 02:29 - 2011-03-24 11:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2014-03-12 21:53 - 2014-03-12 21:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-11 03:48 - 2015-01-11 03:48 - 00043008 _____ () c:\Users\Cyrus Zeller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpclwvmv.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cyrus Zeller\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-01-11 00:59 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-10 18:30 - 2014-12-10 18:30 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

========================= Accounts: ==========================

Administrator (S-1-5-21-3413402405-1960818121-2446029348-500 - Administrator - Disabled)
Cyrus Zeller (S-1-5-21-3413402405-1960818121-2446029348-1001 - Administrator - Enabled) => C:\Users\Cyrus Zeller
Gast (S-1-5-21-3413402405-1960818121-2446029348-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3413402405-1960818121-2446029348-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 03:48:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 03:43:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x3b8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/10/2015 11:53:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 09:59:17 PM) (Source: Google Update) (EventID: 20) (User: Cyrus-Lenovo44)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/10/2015 11:59:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 00:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 11:49:22 PM) (Source: Google Update) (EventID: 20) (User: Cyrus-Lenovo44)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/08/2015 03:08:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 00:52:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 10:32:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/11/2015 03:49:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/11/2015 03:49:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (01/11/2015 03:48:20 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/11/2015 03:45:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/11/2015 01:06:10 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "WOLFGANG-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{049D7231-EB88-426C-894B-AD66A42FCDF3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/11/2015 00:30:09 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "WOLFGANG-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{049D7231-EB88-426C-894B-AD66A42FCDF3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/11/2015 00:06:09 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "WOLFGANG-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{049D7231-EB88-426C-894B-AD66A42FCDF3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/10/2015 11:52:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/10/2015 10:06:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "WOLFGANG-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{049D7231-EB88-426C-894B-AD66A42FCDF3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/10/2015 06:28:30 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "WOLFGANG-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{049D7231-EB88-426C-894B-AD66A42FCDF3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (01/11/2015 03:48:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 03:43:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014253b801d02d34286d6dc5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla31f2098-993b-11e4-a2f1-60d819b31590

Error: (01/10/2015 11:53:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 09:59:17 PM) (Source: Google Update) (EventID: 20) (User: Cyrus-Lenovo44)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/10/2015 11:59:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 00:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 11:49:22 PM) (Source: Google Update) (EventID: 20) (User: Cyrus-Lenovo44)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/08/2015 03:08:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 00:52:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 10:32:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-11-23 00:02:28.844
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-23 00:02:28.813
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1814.25 MB
Total Pagefile: 7783.28 MB
Available Pagefile: 5467.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:284.91 GB) (Free:215.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BB360F7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 11.01.2015 08:36
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131