Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware und Adware Befall nach Installation von "StreamTransport"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.11.2014, 10:19   #1
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Hallo.

Ich habe mir vor ein paar Tagen das Programm StreamTransport erneut installiert. Ich nutzte dieses Programm bereits längere Zeit und alles war ok.
Aus irgendeinem Grund habe ich es gelöscht und merkte dann dass ich es doch brauche, also installierte ich es neu und das stellte sich als großer Fehler heraus.
Es installierten sich diverse Programme und Toolbard, die ich alle via Systemsteuerung deinstallierte. Dann war einen Tag lang Ruhe.
Heute morgen öffnete mein Browser (Chrome) ständig neue Tabs mit Werbung oder Seiten die mir Programme andrehen wollen. Auch wenn ich eine Seite öffne, zB dieses Forum, werde ich nach kurzer Zeit auf so eine ominöse Website weitergeleitet. Beispiele:
hxxp://www.736vzaz.com/...
hxxp://www.adcash.com/script/...
hxxp://www.4h17ybnjm.com/...
Außerdem wird ständig überall Werbung angezeigt obwohl ich einen Adblocker habe (Sogar auf der Google Seite).
Ich kann Chrome nun fast gar nicht mehr benutzen und bin daher grad mit dem Internet Explorer hier.

Ich habe Defogger, FRST und GMER nach Anweisung hier im Forum benutzt und hänge mal die Logfiles an:

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:15 on 25/11/2014 (Lena)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Lena (administrator) on LENA-PC on 25-11-2014 10:17:59
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\OneClickStarter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 10:17 - 2014-11-25 10:18 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000540 _____ () C:\Users\Lena\Desktop\defogger_disable.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-25 10:09 - 2014-11-25 10:17 - 00000793 _____ () C:\Users\Lena\Desktop\links.txt
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-25 09:47 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:37 - 2014-11-21 13:37 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101.exe
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:37 - 2014-11-21 12:37 - 01522088 _____ (smart-saverplus) C:\Users\Lena\AppData\Roaming\JGQUYH.exe
2014-11-21 12:36 - 2014-11-21 12:36 - 02006952 _____ (smart-saverplus) C:\Users\Lena\AppData\Roaming\QIUEVW.exe
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:30 - 2014-11-21 12:30 - 00001091 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-13 08:28 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-12 21:57 - 2014-11-12 21:57 - 17926832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
2014-10-28 12:53 - 2014-10-28 13:40 - 00000000 ____D () C:\Users\Lena\Downloads\wish i was evo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 10:15 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-25 10:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 10:01 - 2011-11-24 08:19 - 01161589 _____ () C:\windows\WindowsUpdate.log
2014-11-25 09:58 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 09:58 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 09:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 09:55 - 2011-11-15 23:13 - 22605280 _____ () C:\windows\system32\perfh007.dat
2014-11-25 09:55 - 2011-11-15 23:13 - 07190328 _____ () C:\windows\system32\perfc007.dat
2014-11-25 09:55 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-25 09:52 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-25 09:51 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-25 09:49 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 09:49 - 2011-11-24 09:07 - 00118533 _____ () C:\windows\system32\fastboot.set
2014-11-25 09:49 - 2011-11-24 08:59 - 00899328 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-25 09:48 - 2010-11-21 04:47 - 00379550 _____ () C:\windows\PFRO.log
2014-11-25 09:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-25 09:48 - 2009-07-14 05:51 - 00179698 _____ () C:\windows\setupact.log
2014-11-25 09:15 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-24 20:59 - 2011-11-24 08:59 - 01417216 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-12 21:58 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 21:58 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 21:58 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu7eah9.dll
C:\Users\Lena\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\s4s15.exe
C:\Users\Lena\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 08:30

==================== End Of Log ============================
         
FRST Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Lena at 2014-11-25 10:20:34
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.10607 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D119A8C4-21EE-9FE3-F63F-2A18FFA66B02}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
CambridgeSoft ChemBioDraw Ultra 13.0 (HKLM-x32\...\{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}) (Version: 13.0 - CambridgeSoft Corporation)
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
CapsLK OSD (HKLM-x32\...\{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}) (Version: 1.01 - Wistron Corporation)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.48.0.0 - Conexant)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims 4 Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition MULTi2 1.0) (Version:  - )
Dropbox (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Geochemical Data Toolkit (GCDkit) version 3.00 (HKLM-x32\...\GCDkit_is1) (Version: 3.00 - Vojtech Janousek)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B05 - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaleidaGraph 4.0 (HKLM-x32\...\KaleidaGraph 4.0) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1119.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 3.1.14.0 - Lenovo)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Croatian/Hrvatski (HKLM\...\Office14.OMUI.hr-hr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{CE94C252-25AD-41A0-97B6-DD4F0E886F26}) (Version: 8.5.3.14 - Nitro)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Origin 8G (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.0 - OriginLabCorporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-041A-1000-0000000FF1CE}_Office14.OMUI.hr-hr_{F23A8864-BE36-42E6-B561-602F6D97F8B0}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
StreamTransport version: 1.1.6.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Geochemist's Workbench® Student (64-bit) (HKLM\...\The Geochemist's Workbench® Student) (Version: 10.0.2 - Aqueous Solutions LLC)
Trillian (HKLM-x32\...\Trillian) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{3D46565E-4D02-11E3-A75C-F04DA23A5C58}) (Version: 12.0.765 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vokabel Trainer 5 (HKLM-x32\...\{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1) (Version:  - Manuel Wäschle)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wuala (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Wuala) (Version: 1.0.400.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xcalibur (HKLM-x32\...\{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}) (Version: 2.0 - Thermo Electron Corporation)
Xcalibur (HKLM-x32\...\Xcalibur) (Version:  - )
X-Print 4.0 Client (HKLM-x32\...\X-Print Client Uni Oldenburg_is1) (Version:  - Schomaecker GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-11-2014 20:49:19 Windows Update
13-11-2014 13:04:27 Windows Update
18-11-2014 07:58:36 Windows Update
19-11-2014 15:56:36 Windows Update
24-11-2014 07:27:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-12-19 16:20 - 00000990 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com
127.0.0.1 order.tune-up.com 
127.0.0.1 tune-up.com 
127.0.0.1 tune-up.com/order 
127.0.0.1 registertuneup.com 
127.0.0.1 tuneup.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E7614F-7E48-41CD-95E7-3F54ED4CE7B8} - System32\Tasks\{4020507A-ED5B-4C77-A26D-CB0874B79107} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {06FC69B4-BFBD-448F-AAB0-078F055B0D96} - System32\Tasks\{01DE917C-5949-4F01-83C0-03D6F0BB1724} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0AC0427F-260F-4A27-A21F-684A632E3C1F} - System32\Tasks\{F2CD06AA-430C-420E-988B-96B4D24127E2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0C3748FE-3015-4409-8537-94E5A93EE163} - System32\Tasks\{08782E88-905D-4254-9B32-8110EFAC79C7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0EBF0398-71E9-4893-B257-54DF2638F34E} - System32\Tasks\{3EAA1582-32CC-48DB-8E68-05F27365DE70} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {14515E65-BDEC-46A6-ACF4-D7B8303CB74B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1B365D98-FBC9-4D3C-A52E-3E24E61C6E2B} - System32\Tasks\{8576B14E-635C-4B11-BF46-828566916692} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {227872E2-C365-4E46-BB70-0E0A329A0131} - System32\Tasks\{AEEC5FEA-4964-43E4-B38A-FD3E109BEE37} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {24F7D27B-20BD-4673-90C9-6E7F237D4D6C} - System32\Tasks\{CB4F2896-9C21-403A-B127-7AF9515BBE21} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {266EA990-56F5-4F8D-8B6F-589C592F8D87} - System32\Tasks\{3006EAE6-D769-4AA0-9A54-19B04DF2B63C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {299FA769-AA1B-4578-B039-A002FAA37C0F} - System32\Tasks\{D0A8A544-2466-48D3-A2D9-6CF7AA90BF6A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2C1E9FA6-9B55-4696-82C1-97505848CC62} - System32\Tasks\{D561BCFC-3B3E-4CE5-9C48-03B99780356D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {33E36C43-594E-483F-968D-013D1A8A4CD4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {348BC2D3-EBC4-42AB-9F44-59213BAE62D2} - System32\Tasks\{249874D2-B1C9-4DC7-AA00-D2B049EA2541} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {34E1DD06-F07B-45A3-AE98-5E5D6F04D1C8} - System32\Tasks\{22771F33-5DD5-4FA5-9A2B-7FDEFDAAA154} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {391C7C80-2F8E-4B26-9C81-546A4CC703A3} - System32\Tasks\{AF49ECC8-1FF1-4C89-8877-D3AED4EB9D29} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4E75F262-FEF6-4B5F-BF7D-01BE19EBA13D} - System32\Tasks\{19FC3153-0A92-4F4B-A99F-C9ABA2DFDC01} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {50ACBDEE-7FBC-4CAF-A8D1-522D6622D849} - System32\Tasks\{01167FF7-EBD1-410E-B570-C65B8006CB02} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {523CE372-6D9C-4007-81C1-7BD51FD5F2DB} - System32\Tasks\{BBDAA678-02CA-4436-8DCA-FA8514C39505} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5504C353-4C09-45B7-9E3E-E058F4D8C0BF} - System32\Tasks\{2B0D0EDC-9FB8-40D4-A2C3-B5BFE0CC1F53} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {55D6BEAD-4561-4740-BB44-29A864A9F6F8} - System32\Tasks\{BA392231-58B1-4214-94CD-36C155CC4E97} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {570F1C0C-2CFB-4078-9488-87B487E3E159} - System32\Tasks\{B3B7FE93-261C-4923-AF5C-00C408E8EAE6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {587A52E1-BC58-453F-B31D-61D4D390B13D} - System32\Tasks\{AAC990F9-3A2E-4703-AA6D-C3A4A6CA5F51} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58C1AE44-135D-4B8C-B800-60F9C6687924} - System32\Tasks\{5DE8D8BB-13A0-4454-BE44-BAF03DA06BF6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58F3FE2A-DE6F-499C-9D26-A2F6C7AB886E} - System32\Tasks\{A54D0C57-C5D0-4E29-BEB3-CADAA0FD0DB0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {60FBD709-C038-48D7-A067-BCCDF9F81511} - System32\Tasks\{913F3351-5754-4D31-823E-1E20580D08F5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {63DE05B4-D775-41AA-85A3-EBEC4AE24D97} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {66C90E4D-1392-46C6-8FE7-1AB14C2D877C} - System32\Tasks\{7C186B9B-B67F-46C6-A368-A60C6F24F85B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6962AF8A-9BD1-4E54-BA76-32D1CDCE3506} - System32\Tasks\{E483989C-7E6D-40B4-8251-918BD76AB8C1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6A97F3BB-98CE-404D-B9CF-4146C353264C} - System32\Tasks\{A7AFC2C1-1D45-4107-8247-9B4B56E8045F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6AAFD2DC-69E2-4F0C-BD04-E75A41112ED8} - System32\Tasks\{0BA9020C-4F7A-4F93-9F89-FDD40C38E9CA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6C6C5D56-98A8-4203-9519-3FB20ED29694} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6CFAF34B-9CE0-43FE-B806-28159EB0BAD7} - System32\Tasks\{EE47BD74-879C-43F0-9391-6284BF34095A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6F6881F0-3B25-4499-A7BC-FFE5B8B9217A} - System32\Tasks\{109DEE8F-C2B6-405D-AD74-FDF8D790D2B5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {77D2DE5F-3527-46A6-9968-7FDA9B60C7DC} - System32\Tasks\{BC9228D7-982F-4CBE-8738-9153AA4205C4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7914820F-20B4-48B5-99FE-AC8E1BFEE04A} - System32\Tasks\{E9AA7520-FC3A-4EA1-B4C6-CB6C061083CF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EDA1AA7-E47C-49A0-922D-7E09AFC554AD} - System32\Tasks\{2B255C49-9E64-4C59-8BCE-C31EC531D1D2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EF2126F-05E9-4602-B6C7-8223DC9F80A1} - System32\Tasks\{47397D46-CFB4-48CC-97A3-078486CB13FA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7FBEA9E5-1A82-46C9-A08D-17D5B9DA750E} - System32\Tasks\{F092AF25-2C88-479A-A42D-5A1431C69F1D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83AC4797-54B7-4D04-95DA-38D87FACCC08} - System32\Tasks\{AFF6F41E-FC9B-4FFB-8216-0463AD0F673C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {86456C99-DF69-4B12-9A6C-EB7335850507} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {86C66B62-3D9A-4A18-B8A5-770AC639F70E} - System32\Tasks\{7D412BCF-BCC3-474F-9FB6-74DF95DBBBA9} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {88C87A12-D22B-4CDA-A2DE-981D5FCF7EFD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {897094FF-C05B-4353-AD0F-4AA94FA3B8B4} - System32\Tasks\{26069290-B482-45FB-87D1-20D01578E95F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8CB4E6AF-A41B-4276-A34F-A7ED43C2673D} - System32\Tasks\{41136BC5-7AD2-4278-B3A5-0F38C8B19430} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E17507E-3BBF-4DA2-8F5E-284C2F1096CF} - System32\Tasks\{33B1792C-CD7A-48C2-A0CB-FD5A9675311D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {923BE8F8-FCB1-42E2-901E-B7C32549BB91} - System32\Tasks\{58161606-0679-4D1B-B0A8-8F95A57925DB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {951B034B-15F7-487A-A9AE-FA9D53290469} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {97888C78-931B-4639-A3B4-949FAEBCBE0D} - System32\Tasks\ESTsoft RunAsStdUser 13956130Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
Task: {9845E76E-F1E1-4D79-A82C-436AA59CE056} - System32\Tasks\{CB2A185E-9E1D-447D-9304-C4F8A6EB7AB6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D512684-C235-45E1-B839-5BAD68601E6D} - System32\Tasks\{BF84DDEF-17D8-4E7F-8360-B3AEEC843D4F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D694E75-36D4-4F1C-AFC2-617EE9EA55F5} - System32\Tasks\{9BE280A0-C1D2-4790-9E3B-0B7B5B214F1F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A106E5C3-6B0A-485B-95F4-77AA07354D22} - System32\Tasks\{ADDA7E9B-C494-4596-AC26-172F8F070537} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A19B571E-3D98-4B7B-947E-D1B3F0A16E16} - System32\Tasks\{4565AE61-6D16-4218-A319-6AE82C9889C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A538BA99-E8F2-40F0-83FC-B8443EB36264} - System32\Tasks\{BABE07E1-AC3D-4C3E-9299-3ED866B08DA5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A6828F60-3541-4F1F-B7DE-C500EB78264E} - System32\Tasks\{894BBCBE-5D5F-463B-A4AD-BA0A5D457A35} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A9D50511-9116-427D-A9E1-E45C5155EF05} - System32\Tasks\{DB441232-02FE-40A6-8727-76989185FD26} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AA0418A4-F211-4999-B9DC-2F568FA107E6} - System32\Tasks\{BD14321C-7945-4711-9CE5-AC048BD024FC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AAF4B297-F7B7-4CF9-B00A-28CD2409D5C1} - System32\Tasks\{CE686764-6487-4D94-955F-B0A1AD6311F1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABAAA8F6-3BCC-495A-8542-7A52D263EC03} - System32\Tasks\{74C66739-DB18-4A09-BEF6-BD07C5E42630} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B933231D-8ECA-4DE6-8EB1-F25F478B0F0D} - System32\Tasks\{29EB7EC0-610B-492D-AE41-BB7BC77BBA8B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B9355C7E-0414-4364-A545-9CFD07C5AB93} - System32\Tasks\{67656875-8FF7-45D0-9B9C-B935DC0A3B99} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BAD6127F-DA5B-499F-A762-0F3878DB8518} - System32\Tasks\{9DAA7BA6-E4D0-484A-BBCC-CC97E11D1064} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BC888F8E-77F6-4E51-9760-1B0CFFEF58A6} - System32\Tasks\{2C24AF76-7016-4308-BACC-19633B0DE882} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C305FB85-5FBC-4270-BED5-252B6BD2A379} - System32\Tasks\{E13B99C4-DADA-4BA0-A2EA-A630F074A73E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C8321C3B-BCCC-4197-B5AE-AF634EB78E57} - System32\Tasks\{3BEE7C77-9EE7-4EBC-9645-DB03B85251CB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DA37B859-6CF0-4681-BCA1-58F5FB44EAC3} - System32\Tasks\{1D448051-C7CE-45E1-9958-9144E5D0238B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E08298BF-6509-44C0-89B8-FFB46654BA28} - System32\Tasks\{B9DF42DC-8DBE-4B35-9A35-B37417B84FBF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E3B66D5E-B5D4-4362-A390-4AD360E1CA7F} - System32\Tasks\{D7F30625-EC9F-41D8-9F4A-05086D937DD6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E4E0ABB4-A4EB-4F45-A5B8-DFB20C16A902} - System32\Tasks\{7F41E535-FCC2-4689-954B-DBF2EAEE989B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EA3FA594-C5AE-401D-B46B-383A132A11B5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software)
Task: {ECDDA82D-B8CB-4FB8-B7B7-1032A7E28721} - System32\Tasks\{F6214170-A254-44AE-9B03-554FC2A1AC41} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EF82450D-9FEA-4A41-8814-39B1478DB095} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F00C3D0A-4C75-4DCB-A30E-EB9A485179A2} - System32\Tasks\{C270808F-23A4-4CBA-80DF-99D169A0C119} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F2445EE1-F5D5-4745-A638-25EFF5045E5B} - System32\Tasks\{4646FE01-8E8A-4144-BF7C-FDCE2314C62F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6F80E92-2432-4245-BF48-3FAA2F131547} - System32\Tasks\{68627B48-73BD-434C-8CAC-62506298D7E4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8787AB1-D908-411C-A623-F79FC8022F6C} - System32\Tasks\{090A20F8-1ACF-4472-9048-4EBAEB5E8E52} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F9D977FB-FE0B-4BAA-8FDD-7F8F3496EB54} - System32\Tasks\{CED677EA-BB9C-4F0C-806E-A9155E01838F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-07 13:24 - 2007-02-09 10:41 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll
2011-06-07 23:09 - 2011-06-07 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-12 02:29 - 2013-10-12 02:29 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-11-24 08:49 - 2010-10-25 13:43 - 00015400 _____ () C:\Program Files\CapsLK OSD\64\COKHOOK.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-11-25 09:50 - 2014-11-25 09:50 - 00043008 _____ () c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu7eah9.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-12 08:39 - 2014-06-12 08:40 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-12 08:40 - 2014-06-12 08:40 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 08:40 - 2014-06-12 08:40 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-22 09:05 - 2012-11-21 06:26 - 00008704 _____ () C:\Users\Lena\AppData\Roaming\Thunderbird\Profiles\haek98nc.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xprint-client.lnk => C:\windows\pss\xprint-client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wuala.lnk => C:\windows\pss\Wuala.lnk.Startup
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Lena\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-1212337627-971504644-1430933440-500 - Administrator - Disabled)
Gast (S-1-5-21-1212337627-971504644-1430933440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1212337627-971504644-1430933440-1003 - Limited - Enabled)
Lena (S-1-5-21-1212337627-971504644-1430933440-1001 - Administrator - Enabled) => C:\Users\Lena
Xcalibur_System (S-1-5-21-1212337627-971504644-1430933440-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2014 09:55:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/25/2014 09:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2014 09:13:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/25/2014 09:03:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 07:49:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/24/2014 07:10:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/24/2014 08:29:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/24/2014 08:24:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 03:18:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/21/2014 03:11:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/25/2014 09:48:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/25/2014 09:47:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/25/2014 09:27:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (11/25/2014 09:01:08 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/24/2014 09:04:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/24/2014 04:49:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Browser erreicht.

Error: (11/24/2014 08:22:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/21/2014 03:26:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/21/2014 03:10:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/21/2014 02:38:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (11/25/2014 09:55:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/25/2014 09:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2014 09:13:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/25/2014 09:03:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 07:49:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/24/2014 07:10:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/24/2014 08:29:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/24/2014 08:24:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 03:18:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/21/2014 03:11:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3688.67 MB
Available physical RAM: 2117.01 MB
Total Pagefile: 13375.52 MB
Available Pagefile: 11532.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:100.2 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9DA6949F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================
         
Gmer:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-25 10:58:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000073 ST950032 rev.0011 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Lena\AppData\Local\Temp\kxldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                               fffff8000340a000 65 bytes [29, 65, 30, 0F, 29, 6D, 40, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                               fffff8000340a042 37 bytes {ADD [RAX], AL; ADD [RBX+RCX*4-0x7b], CL; CALL 0xffffffffa800000b}

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                      
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae                      
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae@90c11569f9c1         0x7F 0xF2 0x2D 0x70 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae@d850e60ee635         0x6F 0xD0 0x90 0xD3 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae@9ce6e711052b         0x06 0x4B 0x58 0x20 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae@90c11569f9c1             0x7F 0xF2 0x2D 0x70 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae@d850e60ee635             0x6F 0xD0 0x90 0xD3 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae@9ce6e711052b             0x06 0x4B 0x58 0x20 ...

---- EOF - GMER 2.1 ----
         
Ich hoffe ich habe alles richtig gemacht und ihr könnt mir helfen. Danke

Alt 25.11.2014, 10:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 25.11.2014, 19:12   #3
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



So, hier die nächsten Scans:

MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.11.2014
Suchlauf-Zeit: 18:41:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.25.10
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lena

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339796
Verstrichene Zeit: 34 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 

Dateien: 27
PUP.Optional.SmartSaver.A, C:\Users\Lena\AppData\Roaming\JGQUYH.exe, In Quarantäne, [c43af84785f76ccad6d5f284b54ce51b], 
PUP.Optional.SmartSaver.A, C:\Users\Lena\AppData\Roaming\QIUEVW.exe, In Quarantäne, [48b65ce3f28af93dfcaf8bebb24f7789], 
Trojan.Onlinegames, C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$RAKANHB.dll, In Quarantäne, [4faf44fb8fed39fd1bc28c2a17ebc937], 
PUP.Optional.Soft32, C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$R4CFSAV.exe, In Quarantäne, [21dd95aad6a60b2b0501ffc49c65f60a], 
Trojan.Onlinegames, C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$RGTJ0QV\3dmgame.rar, In Quarantäne, [bb43b48b502c3ef874696e4842c0da26], 
PUP.Optional.Bundle, C:\Users\Lena\AppData\Local\Temp\smt_mystartsearch.exe, In Quarantäne, [c23c3d02ea92a78f2143984f13ee9d63], 
PUP.Optional.Wajam, C:\Users\Lena\AppData\Local\Temp\9FDA.tmp, In Quarantäne, [b04e4cf3ceae90a69872a2178e73748c], 
PUP.Optional.CrossRider.A, C:\Users\Lena\AppData\Local\Temp\s4s15.exe, In Quarantäne, [fc02b78884f834026b4f2dae05fc2ed2], 
PUP.Optional.Clara.A, C:\Users\Lena\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe, In Quarantäne, [7a84013e1e5ec274ea3556776a974ab6], 
PUP.Optional.OpenCandy, C:\Users\Lena\Downloads\DTLite4491-0356 (1).exe, In Quarantäne, [649a5ae5d5a7e056a336304bbb4a50b0], 
RiskWare.Tool.CK, C:\Windows\KMService.exe, In Quarantäne, [42bc80bfa3d94fe7b9ecbc7747bba55b], 
PUP.Optional.Boost.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [75894ff0b9c31d19eb98421249baee12], 
PUP.Optional.Boost.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [906ecb749fddea4c2b58d67ec34002fe], 
PUP.Optional.SelectNGo.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, In Quarantäne, [1ee0e6595c20ad8917a7a9b747bc5fa1], 
PUP.Optional.SelectNGo.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, In Quarantäne, [5f9f5ce3c4b8db5b823caeb20ef57090], 
PUP.Optional.LiveLyrics.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [ce30fa45adcfa591bd4c8dd529da51af], 
PUP.Optional.LiveLyrics.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [cc32d56a324a280e61a8b4ae29da1ce4], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleCrashHandler.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdate.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdateBroker.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdateHelper.msi, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdateOnDemand.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\goopdate.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\goopdateres_en.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\npGoogleUpdate4.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\psmachine.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\psuser.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner:

Code:
ATTFilter
# AdwCleaner v4.102 - Bericht erstellt am 25/11/2014 um 19:39:44
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-25.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lena - LENA-PC
# Gestartet von : C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUSSHS55\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.65


*************************

AdwCleaner[R0].txt - [9228 octets] - [21/11/2014 13:39:06]
AdwCleaner[R1].txt - [1025 octets] - [21/11/2014 14:19:06]
AdwCleaner[R2].txt - [2579 octets] - [25/11/2014 09:15:25]
AdwCleaner[R3].txt - [1907 octets] - [25/11/2014 19:24:20]
AdwCleaner[S0].txt - [8440 octets] - [21/11/2014 13:54:26]
AdwCleaner[S1].txt - [1087 octets] - [21/11/2014 14:33:53]
AdwCleaner[S2].txt - [2640 octets] - [25/11/2014 09:47:06]
AdwCleaner[S3].txt - [1689 octets] - [25/11/2014 19:39:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1749 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Lena on 25.11.2014 at 19:45:50.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\s.bat"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{1E1B671B-3F38-4B03-8E22-46B5BB55AAA0}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{23DC4DDE-E5FB-44E5-B55F-B79AA0C4311C}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{289F7ABD-4E09-48D4-994A-038C8917E380}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{4ABEB3B1-99BF-4D4E-81BB-8C91149DE11B}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{59BB0E92-FDEC-4ED6-BC28-FBCAFB20F017}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{6F1C7B74-AA71-46FA-864A-1F54968C9626}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{811D4618-1137-4FBD-BD8F-4473C88F4E7F}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{829C472D-E232-4FB6-8D13-07D18808D60C}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{A0AFB9C8-DFEA-4C7B-B596-ACB39037FC05}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{BC9BF0E7-18BC-44D2-863C-779B7017E6C2}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{CA87122C-6F1E-4ED5-96AF-6E5C525EB727}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{D19C6C32-D66B-4465-8AEA-0C03257512AC}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{E3E7A408-FD13-4BE3-B049-C2F424AD6760}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{FD215A26-191C-4B7E-8C66-F503E04FEDEC}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.11.2014 at 19:53:15.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Lena (administrator) on LENA-PC on 25-11-2014 20:04:49
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe
(Farbar) C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-11-25 19:53 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-11-25 20:04 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-25 19:39 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:30 - 2014-11-21 12:30 - 00001091 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-13 08:28 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-12 21:57 - 2014-11-12 21:57 - 17926832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
2014-10-28 12:53 - 2014-10-28 13:40 - 00000000 ____D () C:\Users\Lena\Downloads\wish i was evo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 20:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 20:04 - 2011-11-24 08:59 - 01418112 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-25 20:03 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-25 20:02 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-25 20:01 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 20:01 - 2011-11-24 09:07 - 00114431 _____ () C:\windows\system32\fastboot.set
2014-11-25 20:01 - 2011-11-24 08:59 - 00900096 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-25 20:01 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-25 20:01 - 2009-07-14 05:51 - 00179922 _____ () C:\windows\setupact.log
2014-11-25 20:00 - 2011-11-24 08:19 - 01191939 _____ () C:\windows\WindowsUpdate.log
2014-11-25 19:59 - 2011-11-15 23:13 - 22664448 _____ () C:\windows\system32\perfh007.dat
2014-11-25 19:59 - 2011-11-15 23:13 - 07209272 _____ () C:\windows\system32\perfc007.dat
2014-11-25 19:59 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-25 19:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 19:48 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:48 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:40 - 2010-11-21 04:47 - 00388690 _____ () C:\windows\PFRO.log
2014-11-25 10:15 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-25 09:15 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-12 21:58 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 21:58 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 21:58 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzkirv7.dll
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 08:30

==================== End Of Log ============================
         
__________________

Alt 26.11.2014, 20:08   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.11.2014, 12:39   #5
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Hallo.

Die Scans sind nun endlich fertig geworden.
Hier die logs:

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5d43decdeb53cb4fa9077d9942e64f2d
# engine=21287
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-27 02:31:16
# local_time=2014-11-27 03:31:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6734252 111276286 0 0
# scanned=334569
# found=16
# cleaned=0
# scan_time=23905
sh=1CD938B47A629EE9C0D4D0C0BA4E20EA7B93AB75 ft=1 fh=7ca20754e5d7b048 vn="Variante von MSIL/Soft32Downloader.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$RGKRGIR.exe"
sh=2FC3A5E92137A2B80A59D68B7C62C774C50FFE00 ft=1 fh=938e1c7bdaa228ad vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=43B2963293CE3865C32132A4802B92531C16D256 ft=1 fh=e1d0248c77f0c9d9 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=9AE9A2C0B8241366357206097FD312B5671FCAE8 ft=1 fh=dc7a3c84863e13b7 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=84616836894B9CACA83D683872A132424128D9CB ft=1 fh=23b3d2b5787c7150 vn="Win32/ELEX.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=91ED2700DBFDAA31B3BFEBDFE42A82560839F79F ft=1 fh=880198fb47121cea vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\Die Sims 4 Digital Deluxe Edition\Game\Bin\3dmgame.dll"
sh=4D50D87B348650F99E46B9125AF0817D233D1B92 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\AppData\Local\Temp\FC8B.tmp"
sh=CF919FED236CA05A64A33F0083CBEFD3449FB276 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.AL Trojaner" ac=I fn="C:\Users\Lena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2c832eda-366e0b2c"
sh=8B3141CE7DCA47BD4FF37ED9F0DA4053F5B0B0C2 ft=1 fh=6c7012509d6c7827 vn="Variante von Win32/SoftPulse.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\Setup v2 1.exe"
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip"
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip"
sh=075478ED256C74207FB1540F41BE4934B47D549B ft=1 fh=5a1a58d6a5023955 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe"
sh=E18B5242B0C893DF09E34A9E89DE551503F31591 ft=1 fh=5a1a58d6d884f372 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe"
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Java 8 Update 25  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.239  
 Adobe Reader XI  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (chrome.exe..) 
 Google Chrome (Dictionaries...) 
 Google Chrome (master_preferences...) 
 Google Chrome (wow_helper.exe..) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Lena (administrator) on LENA-PC on 27-11-2014 15:52:37
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3QBGZDE
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 15:38 - 2014-11-27 15:38 - 00854414 _____ () C:\Users\Lena\Downloads\SecurityCheck.exe
2014-11-27 10:56 - 2014-11-27 11:01 - 00004230 _____ () C:\Users\Lena\Act2_output.txt
2014-11-27 08:46 - 2014-11-27 08:46 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-11-27 15:51 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-11-27 15:52 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-25 19:39 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-27 08:56 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
2014-10-28 12:53 - 2014-10-28 13:40 - 00000000 ____D () C:\Users\Lena\Downloads\wish i was evo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 15:44 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 15:44 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 15:41 - 2011-11-24 08:59 - 00902016 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-27 15:41 - 2011-11-24 08:19 - 01282889 _____ () C:\windows\WindowsUpdate.log
2014-11-27 15:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 14:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 10:56 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-27 10:55 - 2014-07-14 14:00 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\GWB
2014-11-27 08:56 - 2011-11-24 08:59 - 01419520 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-27 08:46 - 2011-11-15 23:13 - 22782784 _____ () C:\windows\system32\perfh007.dat
2014-11-27 08:46 - 2011-11-15 23:13 - 07247160 _____ () C:\windows\system32\perfc007.dat
2014-11-27 08:46 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-27 08:45 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-27 08:44 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-27 08:41 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 08:41 - 2011-11-24 09:07 - 00157529 _____ () C:\windows\system32\fastboot.set
2014-11-27 08:41 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-27 08:41 - 2009-07-14 05:51 - 00180202 _____ () C:\windows\setupact.log
2014-11-26 15:57 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 15:57 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:57 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 14:26 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-25 19:40 - 2010-11-21 04:47 - 00388690 _____ () C:\windows\PFRO.log
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxj89ym.dll
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 21:26

==================== End Of Log ============================
         
Leider bestehen immer noch Probleme. Wenn ich Chrome öffne und die Google Startseite geöffnet habe sehe ich oben in der Browserzeile ein Schutzschild-Symbol, dabei steht wenn man die Maus drüber hält: "This page includes script from unauthenticated sources.".
Gehe ich auf chip.de zeigt Adblock 68 geblockte Inhalte an und auf der rechten Seite sehe ich so eine Art Popup-Werbefenster, welches schon ganz zu Anfang des Adware-Befalls immer auftauchte (unten dran steht "Bereitgestellt von Info" oder "ads by Info").
Sobald ich auf irgendeiner Seite auf einen Link klicke öffnet sich eine Adware-Seite., zB:
hxxp://fugupdates106.com/lp/...
hxxp://de.reimageplus.com/lp/...

Da Chrome ja unbenutzbar durch die Adware ist und ich nach 2 Tagen Internet Explorer von diesem (der aber nicht betroffen ist) nur noch angenervt bin habe ich mir Firefox runtergeladen.
Leider treten die Adware-Probleme bei dem auch sofort auf...


Alt 29.11.2014, 08:32   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles.
__________________
--> Malware und Adware Befall nach Installation von "StreamTransport"

Alt 30.11.2014, 11:43   #7
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Lena at 2014-11-30 12:24:20 Run:1
Running from C:\Users\Lena\Downloads
Loaded Profile: Lena (Available profiles: Lena)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Emptytemp:
         
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
EmptyTemp: => Removed 663.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Lena (administrator) on LENA-PC on 30-11-2014 12:30:22
Running from C:\Users\Lena\Downloads
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 12:30 - 2014-11-30 12:32 - 00021623 _____ () C:\Users\Lena\Downloads\FRST.txt
2014-11-30 12:23 - 2014-11-30 12:23 - 02117632 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-11-27 15:38 - 2014-11-27 15:38 - 00854414 _____ () C:\Users\Lena\Downloads\SecurityCheck.exe
2014-11-27 10:56 - 2014-11-27 11:01 - 00004230 _____ () C:\Users\Lena\Act2_output.txt
2014-11-27 08:46 - 2014-11-27 08:46 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-11-30 12:30 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-11-30 12:30 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-28 13:52 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-28 15:34 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 12:30 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-30 12:30 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-30 12:29 - 2011-11-24 09:07 - 00130329 _____ () C:\windows\system32\fastboot.set
2014-11-30 12:28 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 12:28 - 2011-11-24 08:59 - 00903424 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-30 12:28 - 2010-11-21 04:47 - 00399904 _____ () C:\windows\PFRO.log
2014-11-30 12:28 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-30 12:28 - 2009-07-14 05:51 - 00180538 _____ () C:\windows\setupact.log
2014-11-30 12:27 - 2011-11-24 08:19 - 01404506 _____ () C:\windows\WindowsUpdate.log
2014-11-30 12:22 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 12:22 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 12:19 - 2011-11-15 23:13 - 22841952 _____ () C:\windows\system32\perfh007.dat
2014-11-30 12:19 - 2011-11-15 23:13 - 07266104 _____ () C:\windows\system32\perfc007.dat
2014-11-30 12:19 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-30 12:17 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-30 12:15 - 2011-11-24 08:59 - 01420224 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-28 14:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 13:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 13:52 - 2012-02-01 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-28 13:31 - 2012-02-01 23:57 - 00000000 ____D () C:\Users\Lena\AppData\Local\Mozilla
2014-11-27 10:56 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-27 10:55 - 2014-07-14 14:00 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\GWB
2014-11-26 15:57 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 15:57 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:57 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabtb9n.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 21:26

==================== End Of Log ============================
         
Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Lena at 2014-11-30 12:33:39
Running from C:\Users\Lena\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.10607 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D119A8C4-21EE-9FE3-F63F-2A18FFA66B02}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
CambridgeSoft ChemBioDraw Ultra 13.0 (HKLM-x32\...\{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}) (Version: 13.0 - CambridgeSoft Corporation)
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
CapsLK OSD (HKLM-x32\...\{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}) (Version: 1.01 - Wistron Corporation)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.48.0.0 - Conexant)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims 4 Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition MULTi2 1.0) (Version:  - )
Dropbox (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Geochemical Data Toolkit (GCDkit) version 3.00 (HKLM-x32\...\GCDkit_is1) (Version: 3.00 - Vojtech Janousek)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B05 - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaleidaGraph 4.0 (HKLM-x32\...\KaleidaGraph 4.0) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1119.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 3.1.14.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Croatian/Hrvatski (HKLM\...\Office14.OMUI.hr-hr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{CE94C252-25AD-41A0-97B6-DD4F0E886F26}) (Version: 8.5.3.14 - Nitro)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Origin 8G (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.0 - OriginLabCorporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-041A-1000-0000000FF1CE}_Office14.OMUI.hr-hr_{F23A8864-BE36-42E6-B561-602F6D97F8B0}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Geochemist's Workbench® Student (64-bit) (HKLM\...\The Geochemist's Workbench® Student) (Version: 10.0.2 - Aqueous Solutions LLC)
Trillian (HKLM-x32\...\Trillian) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{3D46565E-4D02-11E3-A75C-F04DA23A5C58}) (Version: 12.0.765 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vokabel Trainer 5 (HKLM-x32\...\{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1) (Version:  - Manuel Wäschle)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wuala (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Wuala) (Version: 1.0.400.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xcalibur (HKLM-x32\...\{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}) (Version: 2.0 - Thermo Electron Corporation)
Xcalibur (HKLM-x32\...\Xcalibur) (Version:  - )
X-Print 4.0 Client (HKLM-x32\...\X-Print Client Uni Oldenburg_is1) (Version:  - Schomaecker GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-11-2014 13:04:27 Windows Update
18-11-2014 07:58:36 Windows Update
19-11-2014 15:56:36 Windows Update
24-11-2014 07:27:44 Windows Update
27-11-2014 22:06:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-12-19 16:20 - 00000990 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com
127.0.0.1 order.tune-up.com 
127.0.0.1 tune-up.com 
127.0.0.1 tune-up.com/order 
127.0.0.1 registertuneup.com 
127.0.0.1 tuneup.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E7614F-7E48-41CD-95E7-3F54ED4CE7B8} - System32\Tasks\{4020507A-ED5B-4C77-A26D-CB0874B79107} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {06FC69B4-BFBD-448F-AAB0-078F055B0D96} - System32\Tasks\{01DE917C-5949-4F01-83C0-03D6F0BB1724} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0AC0427F-260F-4A27-A21F-684A632E3C1F} - System32\Tasks\{F2CD06AA-430C-420E-988B-96B4D24127E2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0C3748FE-3015-4409-8537-94E5A93EE163} - System32\Tasks\{08782E88-905D-4254-9B32-8110EFAC79C7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0EBF0398-71E9-4893-B257-54DF2638F34E} - System32\Tasks\{3EAA1582-32CC-48DB-8E68-05F27365DE70} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {14515E65-BDEC-46A6-ACF4-D7B8303CB74B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1B365D98-FBC9-4D3C-A52E-3E24E61C6E2B} - System32\Tasks\{8576B14E-635C-4B11-BF46-828566916692} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {227872E2-C365-4E46-BB70-0E0A329A0131} - System32\Tasks\{AEEC5FEA-4964-43E4-B38A-FD3E109BEE37} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {24F7D27B-20BD-4673-90C9-6E7F237D4D6C} - System32\Tasks\{CB4F2896-9C21-403A-B127-7AF9515BBE21} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {266EA990-56F5-4F8D-8B6F-589C592F8D87} - System32\Tasks\{3006EAE6-D769-4AA0-9A54-19B04DF2B63C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {299FA769-AA1B-4578-B039-A002FAA37C0F} - System32\Tasks\{D0A8A544-2466-48D3-A2D9-6CF7AA90BF6A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2C1E9FA6-9B55-4696-82C1-97505848CC62} - System32\Tasks\{D561BCFC-3B3E-4CE5-9C48-03B99780356D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {33E36C43-594E-483F-968D-013D1A8A4CD4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {348BC2D3-EBC4-42AB-9F44-59213BAE62D2} - System32\Tasks\{249874D2-B1C9-4DC7-AA00-D2B049EA2541} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {34E1DD06-F07B-45A3-AE98-5E5D6F04D1C8} - System32\Tasks\{22771F33-5DD5-4FA5-9A2B-7FDEFDAAA154} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {391C7C80-2F8E-4B26-9C81-546A4CC703A3} - System32\Tasks\{AF49ECC8-1FF1-4C89-8877-D3AED4EB9D29} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4E75F262-FEF6-4B5F-BF7D-01BE19EBA13D} - System32\Tasks\{19FC3153-0A92-4F4B-A99F-C9ABA2DFDC01} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {50ACBDEE-7FBC-4CAF-A8D1-522D6622D849} - System32\Tasks\{01167FF7-EBD1-410E-B570-C65B8006CB02} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {523CE372-6D9C-4007-81C1-7BD51FD5F2DB} - System32\Tasks\{BBDAA678-02CA-4436-8DCA-FA8514C39505} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5504C353-4C09-45B7-9E3E-E058F4D8C0BF} - System32\Tasks\{2B0D0EDC-9FB8-40D4-A2C3-B5BFE0CC1F53} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {55D6BEAD-4561-4740-BB44-29A864A9F6F8} - System32\Tasks\{BA392231-58B1-4214-94CD-36C155CC4E97} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {570F1C0C-2CFB-4078-9488-87B487E3E159} - System32\Tasks\{B3B7FE93-261C-4923-AF5C-00C408E8EAE6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {587A52E1-BC58-453F-B31D-61D4D390B13D} - System32\Tasks\{AAC990F9-3A2E-4703-AA6D-C3A4A6CA5F51} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58C1AE44-135D-4B8C-B800-60F9C6687924} - System32\Tasks\{5DE8D8BB-13A0-4454-BE44-BAF03DA06BF6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58F3FE2A-DE6F-499C-9D26-A2F6C7AB886E} - System32\Tasks\{A54D0C57-C5D0-4E29-BEB3-CADAA0FD0DB0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {60FBD709-C038-48D7-A067-BCCDF9F81511} - System32\Tasks\{913F3351-5754-4D31-823E-1E20580D08F5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {63DE05B4-D775-41AA-85A3-EBEC4AE24D97} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {66C90E4D-1392-46C6-8FE7-1AB14C2D877C} - System32\Tasks\{7C186B9B-B67F-46C6-A368-A60C6F24F85B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6962AF8A-9BD1-4E54-BA76-32D1CDCE3506} - System32\Tasks\{E483989C-7E6D-40B4-8251-918BD76AB8C1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6A97F3BB-98CE-404D-B9CF-4146C353264C} - System32\Tasks\{A7AFC2C1-1D45-4107-8247-9B4B56E8045F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6AAFD2DC-69E2-4F0C-BD04-E75A41112ED8} - System32\Tasks\{0BA9020C-4F7A-4F93-9F89-FDD40C38E9CA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6C6C5D56-98A8-4203-9519-3FB20ED29694} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6CFAF34B-9CE0-43FE-B806-28159EB0BAD7} - System32\Tasks\{EE47BD74-879C-43F0-9391-6284BF34095A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6F6881F0-3B25-4499-A7BC-FFE5B8B9217A} - System32\Tasks\{109DEE8F-C2B6-405D-AD74-FDF8D790D2B5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {77D2DE5F-3527-46A6-9968-7FDA9B60C7DC} - System32\Tasks\{BC9228D7-982F-4CBE-8738-9153AA4205C4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7914820F-20B4-48B5-99FE-AC8E1BFEE04A} - System32\Tasks\{E9AA7520-FC3A-4EA1-B4C6-CB6C061083CF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EDA1AA7-E47C-49A0-922D-7E09AFC554AD} - System32\Tasks\{2B255C49-9E64-4C59-8BCE-C31EC531D1D2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EF2126F-05E9-4602-B6C7-8223DC9F80A1} - System32\Tasks\{47397D46-CFB4-48CC-97A3-078486CB13FA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7FBEA9E5-1A82-46C9-A08D-17D5B9DA750E} - System32\Tasks\{F092AF25-2C88-479A-A42D-5A1431C69F1D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83AC4797-54B7-4D04-95DA-38D87FACCC08} - System32\Tasks\{AFF6F41E-FC9B-4FFB-8216-0463AD0F673C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {86456C99-DF69-4B12-9A6C-EB7335850507} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {86C66B62-3D9A-4A18-B8A5-770AC639F70E} - System32\Tasks\{7D412BCF-BCC3-474F-9FB6-74DF95DBBBA9} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {88C87A12-D22B-4CDA-A2DE-981D5FCF7EFD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {897094FF-C05B-4353-AD0F-4AA94FA3B8B4} - System32\Tasks\{26069290-B482-45FB-87D1-20D01578E95F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8CB4E6AF-A41B-4276-A34F-A7ED43C2673D} - System32\Tasks\{41136BC5-7AD2-4278-B3A5-0F38C8B19430} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E17507E-3BBF-4DA2-8F5E-284C2F1096CF} - System32\Tasks\{33B1792C-CD7A-48C2-A0CB-FD5A9675311D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {923BE8F8-FCB1-42E2-901E-B7C32549BB91} - System32\Tasks\{58161606-0679-4D1B-B0A8-8F95A57925DB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {951B034B-15F7-487A-A9AE-FA9D53290469} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {97888C78-931B-4639-A3B4-949FAEBCBE0D} - System32\Tasks\ESTsoft RunAsStdUser 13956130Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
Task: {9845E76E-F1E1-4D79-A82C-436AA59CE056} - System32\Tasks\{CB2A185E-9E1D-447D-9304-C4F8A6EB7AB6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D512684-C235-45E1-B839-5BAD68601E6D} - System32\Tasks\{BF84DDEF-17D8-4E7F-8360-B3AEEC843D4F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D694E75-36D4-4F1C-AFC2-617EE9EA55F5} - System32\Tasks\{9BE280A0-C1D2-4790-9E3B-0B7B5B214F1F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A106E5C3-6B0A-485B-95F4-77AA07354D22} - System32\Tasks\{ADDA7E9B-C494-4596-AC26-172F8F070537} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A19B571E-3D98-4B7B-947E-D1B3F0A16E16} - System32\Tasks\{4565AE61-6D16-4218-A319-6AE82C9889C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A538BA99-E8F2-40F0-83FC-B8443EB36264} - System32\Tasks\{BABE07E1-AC3D-4C3E-9299-3ED866B08DA5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A6828F60-3541-4F1F-B7DE-C500EB78264E} - System32\Tasks\{894BBCBE-5D5F-463B-A4AD-BA0A5D457A35} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A9D50511-9116-427D-A9E1-E45C5155EF05} - System32\Tasks\{DB441232-02FE-40A6-8727-76989185FD26} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AA0418A4-F211-4999-B9DC-2F568FA107E6} - System32\Tasks\{BD14321C-7945-4711-9CE5-AC048BD024FC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AAF4B297-F7B7-4CF9-B00A-28CD2409D5C1} - System32\Tasks\{CE686764-6487-4D94-955F-B0A1AD6311F1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABAAA8F6-3BCC-495A-8542-7A52D263EC03} - System32\Tasks\{74C66739-DB18-4A09-BEF6-BD07C5E42630} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B933231D-8ECA-4DE6-8EB1-F25F478B0F0D} - System32\Tasks\{29EB7EC0-610B-492D-AE41-BB7BC77BBA8B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B9355C7E-0414-4364-A545-9CFD07C5AB93} - System32\Tasks\{67656875-8FF7-45D0-9B9C-B935DC0A3B99} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BAD6127F-DA5B-499F-A762-0F3878DB8518} - System32\Tasks\{9DAA7BA6-E4D0-484A-BBCC-CC97E11D1064} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BC888F8E-77F6-4E51-9760-1B0CFFEF58A6} - System32\Tasks\{2C24AF76-7016-4308-BACC-19633B0DE882} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C305FB85-5FBC-4270-BED5-252B6BD2A379} - System32\Tasks\{E13B99C4-DADA-4BA0-A2EA-A630F074A73E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C8321C3B-BCCC-4197-B5AE-AF634EB78E57} - System32\Tasks\{3BEE7C77-9EE7-4EBC-9645-DB03B85251CB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DA37B859-6CF0-4681-BCA1-58F5FB44EAC3} - System32\Tasks\{1D448051-C7CE-45E1-9958-9144E5D0238B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E08298BF-6509-44C0-89B8-FFB46654BA28} - System32\Tasks\{B9DF42DC-8DBE-4B35-9A35-B37417B84FBF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E3B66D5E-B5D4-4362-A390-4AD360E1CA7F} - System32\Tasks\{D7F30625-EC9F-41D8-9F4A-05086D937DD6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E4E0ABB4-A4EB-4F45-A5B8-DFB20C16A902} - System32\Tasks\{7F41E535-FCC2-4689-954B-DBF2EAEE989B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EA3FA594-C5AE-401D-B46B-383A132A11B5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software)
Task: {ECDDA82D-B8CB-4FB8-B7B7-1032A7E28721} - System32\Tasks\{F6214170-A254-44AE-9B03-554FC2A1AC41} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EF82450D-9FEA-4A41-8814-39B1478DB095} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F00C3D0A-4C75-4DCB-A30E-EB9A485179A2} - System32\Tasks\{C270808F-23A4-4CBA-80DF-99D169A0C119} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F2445EE1-F5D5-4745-A638-25EFF5045E5B} - System32\Tasks\{4646FE01-8E8A-4144-BF7C-FDCE2314C62F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6F80E92-2432-4245-BF48-3FAA2F131547} - System32\Tasks\{68627B48-73BD-434C-8CAC-62506298D7E4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8787AB1-D908-411C-A623-F79FC8022F6C} - System32\Tasks\{090A20F8-1ACF-4472-9048-4EBAEB5E8E52} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F9D977FB-FE0B-4BAA-8FDD-7F8F3496EB54} - System32\Tasks\{CED677EA-BB9C-4F0C-806E-A9155E01838F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-07 13:24 - 2007-02-09 10:41 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll
2011-06-07 23:09 - 2011-06-07 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-10-12 02:29 - 2013-10-12 02:29 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-11-24 08:49 - 2010-10-25 13:43 - 00015400 _____ () C:\Program Files\CapsLK OSD\64\COKHOOK.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-11-30 12:29 - 2014-11-30 12:29 - 00043008 _____ () c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabtb9n.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xprint-client.lnk => C:\windows\pss\xprint-client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wuala.lnk => C:\windows\pss\Wuala.lnk.Startup
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Lena\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-1212337627-971504644-1430933440-500 - Administrator - Disabled)
Gast (S-1-5-21-1212337627-971504644-1430933440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1212337627-971504644-1430933440-1003 - Limited - Enabled)
Lena (S-1-5-21-1212337627-971504644-1430933440-1001 - Administrator - Enabled) => C:\Users\Lena
Xcalibur_System (S-1-5-21-1212337627-971504644-1430933440-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 00:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 00:23:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 00:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 61c

Startzeit: 01d00c8ebbc6d7d5

Endzeit: 47

Anwendungspfad: C:\windows\Explorer.EXE

Berichts-ID: 0d28f24b-7883-11e4-ab1b-f0def1a76e65

Error: (11/30/2014 00:19:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/30/2014 00:13:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 03:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 02:02:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/28/2014 01:59:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1294

Startzeit: 01d00b0ad6edc5c0

Endzeit: 80

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (11/28/2014 01:56:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 08:55:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (11/30/2014 00:28:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2014 00:27:21 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.853.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (11/30/2014 00:27:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/30/2014 00:11:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/28/2014 03:35:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/28/2014 03:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/28/2014 02:41:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/28/2014 02:04:14 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (11/28/2014 01:54:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/28/2014 01:53:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (11/30/2014 00:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 00:23:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lena\Downloads\esetsmartinstaller_deu.exe

Error: (11/30/2014 00:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756761c01d00c8ebbc6d7d547C:\windows\Explorer.EXE0d28f24b-7883-11e4-ab1b-f0def1a76e65

Error: (11/30/2014 00:19:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/30/2014 00:13:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 03:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 02:02:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (11/28/2014 01:59:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17420129401d00b0ad6edc5c080C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/28/2014 01:56:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 08:55:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 3688.67 MB
Available physical RAM: 1382.33 MB
Total Pagefile: 13375.52 MB
Available Pagefile: 11257.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:123.27 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9DA6949F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================
         

Alt 30.11.2014, 16:53   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.12.2014, 15:34   #9
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



OTL:
Code:
ATTFilter
OTL logfile created on: 01.12.2014 16:13:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.60 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 45.21% Memory free
13.06 Gb Paging File | 10.58 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 121.84 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 7.38 Gb Free Space | 25.44% Space Free | Partition Type: NTFS
 
Computer Name: LENA-PC | User Name: Lena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Lena\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - c:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe (Thermo Electron Corporation)
PRC - c:\Program Files\Xcalibur\system\programs\finSS_Server.exe (Thermo Electron Corporation)
PRC - c:\Program Files\Xcalibur\system\programs\CFRDBService.exe (Thermo Electron Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcfcqw.dll ()
MOD - C:\Users\Lena\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Lena\AppData\Roaming\Thunderbird\Profiles\haek98nc.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FlexNet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (Flexera Software LLC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NitroDriverReadSpool8) -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nitro PDF Software)
SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (FinAutoLogOff) -- c:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe (Thermo Electron Corporation)
SRV:64bit: - (Finnigan Security Server) -- c:\Program Files\Xcalibur\system\programs\finSS_Server.exe (Thermo Electron Corporation)
SRV:64bit: - (CFRDBService) -- c:\Program Files\Xcalibur\system\programs\CFRDBService.exe (Thermo Electron Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe (Google Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (XPrint-Client-Service) -- C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe (Schomäcker GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (zghsmdm) -- C:\Windows\SysNative\drivers\zghsmdm.sys (ZTE Incorporated)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (HandSet Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw66xxx) -- C:\Windows\SysNative\drivers\hcw66x64.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Wikipedia (de)"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: images%40snark.co.il:1000.89.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=13.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=13.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
 
[2012.02.01 23:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Extensions
[2014.11.28 13:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\uqdgewfi.default\extensions
[2014.11.25 09:01:45 | 000,000,000 | ---D | M] (imagessnarkcoil) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\uqdgewfi.default\extensions\images@snark.co.il
[2014.11.28 13:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\uqdgewfi.default\extensions\staged
[2012.07.25 11:45:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\uqdgewfi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.22 00:36:42 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\uqdgewfi.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014.11.28 13:32:01 | 000,801,883 | ---- | M] () (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\uqdgewfi.default\extensions\staged\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014.06.12 08:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.24 12:47:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.03 08:18:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ChemDraw Pro Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npcdp32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1027.0.1_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.0.0.7_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\39.0.2171.46_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk\6.0_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf\10804.5863.4374_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba\1.0.0.26_0\
 
O1 HOSTS File: ([2013.12.19 16:20:20 | 000,000,990 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O1 - Hosts: 127.0.0.1 order.tune-up.com 
O1 - Hosts: 127.0.0.1 tune-up.com 
O1 - Hosts: 127.0.0.1 tune-up.com/order 
O1 - Hosts: 127.0.0.1 registertuneup.com 
O1 - Hosts: 127.0.0.1 tuneup.de
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE (Wistron Corp.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: NameServer = 134.106.40.3,134.106.49.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E9270B2-9736-47F1-AD8E-CCD94EC2CF51}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O27:64bit: - HKLM IFEO\btwuiext.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\effectextractor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\btwuiext.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\effectextractor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23d88e2a-447e-11e4-87cc-f0def1a76e65}\Shell - "" = AutoRun
O33 - MountPoints2\{23d88e2a-447e-11e4-87cc-f0def1a76e65}\Shell\AutoRun\command - "" = F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
O33 - MountPoints2\{3fe04515-d644-11e1-ac8e-f0def1a76e65}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe04515-d644-11e1-ac8e-f0def1a76e65}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{3fe04581-d644-11e1-ac8e-f0def1a76e65}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe04581-d644-11e1-ac8e-f0def1a76e65}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{43d7657b-4fda-11e1-a7cf-f0def1a76e65}\Shell - "" = AutoRun
O33 - MountPoints2\{43d7657b-4fda-11e1-a7cf-f0def1a76e65}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{43d765bf-4fda-11e1-a7cf-f0def1a76e65}\Shell - "" = AutoRun
O33 - MountPoints2\{43d765bf-4fda-11e1-a7cf-f0def1a76e65}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{82f4e8e7-8611-11e1-bcf1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82f4e8e7-8611-11e1-bcf1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ab275ee6-4e9f-11e1-ab3c-f0def1a76e65}\Shell - "" = AutoRun
O33 - MountPoints2\{ab275ee6-4e9f-11e1-ab3c-f0def1a76e65}\Shell\AutoRun\command - "" = G:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.11.25 19:45:44 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014.11.25 11:43:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.25 11:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.11.25 11:42:47 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.11.25 11:42:47 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014.11.25 11:42:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014.11.25 11:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.11.25 11:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.25 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Virus
[2014.11.25 10:17:38 | 000,000,000 | ---D | C] -- C:\FRST
[2014.11.25 10:14:31 | 000,000,000 | -HSD | C] -- C:\Users\Lena\AppData\Local\EmieBrowserModeList
[2014.11.24 08:29:42 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2014.11.24 08:29:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2014.11.21 13:39:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.14 12:57:55 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014.11.14 12:57:55 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014.11.14 12:57:55 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014.11.14 12:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014.11.13 08:40:52 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2014.11.13 08:40:52 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.11.13 08:40:49 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014.11.13 08:40:35 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014.11.13 08:40:35 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll
[2014.11.13 08:40:35 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll
[2014.11.13 08:40:34 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll
[2014.11.13 08:40:34 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll
[2014.11.13 08:40:21 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.11.13 08:40:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.11.13 08:40:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.11.13 08:40:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.11.13 08:40:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.11.13 08:40:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.11.13 08:40:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.11.13 08:40:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.13 08:40:19 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.13 08:40:16 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.11.13 08:40:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.11.13 08:40:15 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.11.13 08:40:14 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.11.13 08:40:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.11.13 08:40:13 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.13 08:40:13 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.11.13 08:40:12 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.11.13 08:40:12 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.11.13 08:40:12 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014.11.13 08:40:11 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.11.13 08:40:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.11.13 08:40:10 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.11.13 08:40:08 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014.11.13 08:40:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.11.13 08:40:06 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.11.13 08:40:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014.11.13 08:40:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.11.13 08:40:05 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014.11.13 08:40:03 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014.11.13 08:40:03 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.11.13 08:40:03 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.11.13 08:40:02 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.11.13 08:40:02 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.11.13 08:40:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.11.13 08:40:01 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014.11.13 08:39:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2014.11.13 08:39:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2014.11.13 08:39:00 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IMJP10K.DLL
[2014.11.13 08:38:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IMJP10K.DLL
[2014.11.13 08:38:42 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014.11.13 08:38:24 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll
[2014.11.13 08:38:24 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll
[2014.11.13 08:38:23 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2014.11.13 08:38:23 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2014.11.13 08:38:23 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll
[2014.11.13 08:38:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2014.11.13 08:38:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2014.11.13 08:38:08 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014.11.13 08:37:56 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2014.11.13 08:32:38 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\an pascal
[2014.11.13 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Kram
[2014.11.09 01:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014.11.09 01:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014.11.09 00:14:07 | 006,623,232 | ---- | C] (© onlinetvrecorder.com) -- C:\Users\Lena\Desktop\2009Decoder.exe
[2014.11.01 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Jan
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lena\Desktop\*.tmp files -> C:\Users\Lena\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.12.01 16:09:20 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.01 16:09:20 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.01 16:06:38 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.12.01 16:05:40 | 022,886,328 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2014.12.01 16:05:40 | 000,654,480 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.12.01 16:05:40 | 000,122,352 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.12.01 16:05:39 | 007,280,312 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2014.12.01 16:05:39 | 000,782,552 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.12.01 16:02:13 | 000,130,817 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014.12.01 16:01:44 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.12.01 16:01:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.12.01 16:01:03 | 2900,889,600 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.30 13:57:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014.11.26 15:57:40 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014.11.26 15:57:39 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.25 19:20:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.25 10:15:28 | 000,000,168 | ---- | M] () -- C:\Users\Lena\defogger_reenable
[2014.11.21 13:20:08 | 000,001,465 | ---- | M] () -- C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
[2014.11.16 16:22:17 | 1356,902,800 | ---- | M] () -- C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
[2014.11.16 06:48:12 | 000,001,047 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.11.14 12:11:18 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014.11.14 12:11:10 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014.11.14 12:11:10 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014.11.14 12:11:09 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014.11.13 15:29:57 | 000,466,800 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.11.13 09:23:06 | 000,084,029 | ---- | M] () -- C:\Users\Lena\Desktop\IC.pdf
[2014.11.13 09:22:16 | 000,060,956 | ---- | M] () -- C:\Users\Lena\Desktop\IC2005.pdf
[2014.11.06 05:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.11.06 04:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.11.06 04:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.11.06 04:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.11.06 04:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014.11.06 04:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.11.06 04:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.11.06 04:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.11.06 04:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.11.06 04:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.11.06 04:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.06 04:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014.11.06 04:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.11.06 04:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.11.06 04:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014.11.06 04:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.06 04:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.11.06 04:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.11.06 04:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.11.06 04:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.11.06 03:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.11.06 03:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.11.06 03:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014.11.06 03:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.06 03:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.11.06 03:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.11.06 03:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014.11.06 03:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.11.06 03:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.11.06 03:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.11.06 03:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.11.06 03:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014.11.06 02:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.11.06 02:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.11.05 18:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2014.11.05 18:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.11.05 18:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lena\Desktop\*.tmp files -> C:\Users\Lena\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.11.25 11:31:53 | 000,001,465 | ---- | C] () -- C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
[2014.11.25 10:15:28 | 000,000,168 | ---- | C] () -- C:\Users\Lena\defogger_reenable
[2014.11.16 16:21:14 | 1356,902,800 | ---- | C] () -- C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
[2014.11.13 09:23:06 | 000,084,029 | ---- | C] () -- C:\Users\Lena\Desktop\IC.pdf
[2014.11.13 09:22:14 | 000,060,956 | ---- | C] () -- C:\Users\Lena\Desktop\IC2005.pdf
[2014.11.09 01:41:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014.09.25 15:28:54 | 000,584,584 | ---- | C] () -- C:\windows\adb.exe
[2014.07.14 14:30:39 | 000,009,525 | ---- | C] () -- C:\Users\Lena\gtplot_conf.gtc
[2014.04.02 09:34:37 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2013.10.04 11:43:59 | 001,391,616 | ---- | C] () -- C:\windows\SysWow64\ActPDF.dll
[2013.04.04 22:57:31 | 000,023,152 | ---- | C] () -- C:\Users\Lena\13c.pdf
[2012.11.04 16:47:37 | 000,001,757 | ---- | C] () -- C:\Users\Lena\.swfinfo
[2012.02.08 22:25:57 | 000,011,205 | ---- | C] () -- C:\Users\Lena\gsview64.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 01.12.2014 16:13:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.60 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 45.21% Memory free
13.06 Gb Paging File | 10.58 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 121.84 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 7.38 Gb Free Space | 25.44% Space Free | Partition Type: NTFS
 
Computer Name: LENA-PC | User Name: Lena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0269D9B2-046E-4C96-8DD2-3C6EC0C4B999}" = rport=445 | protocol=6 | dir=out | app=system | 
"{04BF49DF-C80B-4259-A12E-2968F40153A2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08961CF6-FEB7-4EDF-B9F3-FEE16634A604}" = lport=138 | protocol=17 | dir=in | app=system | 
"{199E68A0-5EB3-432C-A951-55C254038285}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1A0488EF-E2A2-4255-BBD4-4117DB5C7CD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27DDFD28-DC3C-4B34-8825-1B49C5F211EE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{38A2BE54-3D93-455B-ACC4-FB000E6234B3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3B0C3EBB-2E1F-4FF0-BE57-CAD3AFBDE590}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4163B87F-A570-4071-907C-A7261CFD08D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48F71806-2392-4803-B49F-DADF2A3E2C51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B75584F-9566-4BAF-A14C-A6E9C942D206}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4D1BBC13-B0CD-43A3-B8EE-6244E27C5F89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4D539AD1-FA6D-47F9-B2D3-BA3B38AC9308}" = lport=445 | protocol=6 | dir=in | app=system | 
"{626C5E56-E582-490F-8FDD-C26F3783A5C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68AD3D72-D796-4FF2-86D5-F1AD63FF7716}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7265D3BC-66B2-46A4-8B5B-0DCC024311BF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8A2C72A5-0A42-4519-96E6-7714100B1A2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{974A6855-5943-49A9-BA36-177BDCD2815F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9A8B4DDA-D095-4A98-B11D-B09DCE751BFF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A5E285B1-4CCC-4BB9-A811-CB45772779D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C1DAB465-6259-4201-9BF5-572C9EEA2565}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DFD5B443-4FD8-4ADE-8269-80418AC50D5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9853909-B8F9-4614-BA3A-A1F98F174B8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC13FF34-9F88-4C04-8457-35C7DDF0BDAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{ECF2A81B-7CE8-4E3E-A1D9-CB656D2BDA7E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F690FF56-7448-4294-9406-0491EDA79C40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14A9C98F-C768-4B61-A53C-332C619F3D91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{17497A9A-75AF-4C1A-9954-3749F0651B5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{17A74CCB-AFC9-41DA-856A-DF5152B11C5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{1B397378-5590-4DC8-A57F-4BAF0F4263FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1E751B2C-8677-4430-ABD3-5EB313C2489B}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\39.0.2171.46\remoting_host.exe | 
"{216ABE98-200F-441B-BCD9-BE6E8530F3A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2B8AAF9D-CD04-4B09-9B90-1B886F1A4E65}" = protocol=6 | dir=out | app=system | 
"{4520EE7E-7FD2-4E80-A548-499FDFA91767}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{4F105D20-9B7C-46B8-9D7A-68C7DD1D85C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60AB2E9C-2364-44C3-A8B2-FB541F1E6D2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61BA5E02-D47D-4CCD-9012-FE096996EDBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75455C56-87E8-43D9-8B42-6F2AB47074BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A7F390C-4834-4E46-B765-CC668C70E65D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7D688D00-7F25-4968-9134-4F6404EDFF41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B62A122-2756-41E1-8A37-4C042E0B2873}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{99ABC7D8-E59F-4207-9746-3BA3735EAA47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F163A0C-E24B-4538-B886-C5125EDCC014}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0CCBC56-8EA6-432E-ACBA-8E4A7AE92BBB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A2AD53A8-DFCE-459B-ABDC-35A19FC54158}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A4D3EDEF-78B9-434C-8FF8-3A8F7DF44C87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA3C05DD-94AA-4C70-B3E0-340CF041D106}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA61CB08-E185-43D9-948F-7ACD223A54B5}" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DF43B602-D312-4673-80F7-4CF5F171E554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7BAAE61-3FEE-4E3B-B7D6-49CAB515E35A}" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EF9C3C3F-623A-402A-B009-B4997C6B3A0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2452511-AACB-4413-8BDF-8033FFC2A15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FA4A7915-5069-45D4-A729-FA4DBC60E587}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{22C8B835-5C69-4D8E-AB52-8F311E0535F8}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{26332CA1-6565-4097-85F1-6D01D5A1F091}C:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe | 
"TCP Query User{2EE7E169-C9F8-451C-8667-345B80DEAB7A}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{37AD13A4-D434-474A-9394-9C24B0ACC2E2}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{69F4F18B-ACA5-4A30-9D32-DD42B9C85104}C:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe | 
"TCP Query User{83691E7A-1D2F-4CE8-A78C-FAD281FD7A8B}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{8A37B2F7-CBEB-4936-88F5-A0ADB09549C3}C:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{96DD4505-A280-4DF2-8CB8-83307789D884}C:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe | 
"TCP Query User{9F1B8149-0B79-46E4-87FB-23776A32C35F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{A17914DF-D4A4-4AE1-B49E-E3B7C80DEFC4}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{09981713-AB32-42AC-BEDB-E86F7276C518}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{1A06C615-26BE-45FA-A7B7-EFCCB5141CB9}C:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{477CEF49-82DA-494B-A7F5-3AB2F31F665F}C:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe | 
"UDP Query User{53658244-83CA-4863-B0F0-D447B771EB09}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{6C155CDF-A8D2-4E5E-A101-85E9C5F124F7}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{A7BBD358-CBF1-43DF-BF35-6E547410D920}C:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe | 
"UDP Query User{B4B3183A-425B-430E-9D88-62162C3BECCD}C:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe | 
"UDP Query User{F65DE317-FB9C-4DFE-8845-7D7747952B02}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{FA7B9FF8-873C-42E0-98B7-D972B44DB185}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{FD2C6614-CE2F-4EE6-AE47-63057C3F09BA}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{247DC663-8C19-AF97-13B4-56C113B48631}" = ccc-utility64
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}" = 64 Bit HP CIO Components Installer
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3D46565E-4D02-11E3-A75C-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{431FAEB0-4D02-11E3-9F31-F04DA23A5C58}" = MSVCRT Redists
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{83E198D6-F0DB-FC52-D3B7-C131C53356E6}" = AMD Fuel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-041A-1000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-041A-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2010
"{90140000-0017-0407-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-041A-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-041A-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-041A-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-041A-1000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-041A-1000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-081A-1000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-041A-1000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-041A-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Croatian) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-041A-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-041A-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-041A-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-041A-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2010
"{90140000-0100-0407-1000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-041A-1000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2010
"{90140000-0101-0407-1000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-041A-1000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{BE422014-ABDB-01EB-5E76-92FEE6476929}" = ATI AVIVO64 Codecs
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CE94C252-25AD-41A0-97B6-DD4F0E886F26}" = Nitro Pro 8
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D119A8C4-21EE-9FE3-F63F-2A18FFA66B02}" = ATI Catalyst Install Manager
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = Handset USB Driver
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8F838B2-21E2-D6B9-34BE-453FEE7E5F11}" = AMD Media Foundation Decoders
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179" = Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.OMUI.hr-hr" = Microsoft Office Language Pack 2010 - Croatian/Hrvatski
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Geochemist's Workbench® Student" = The Geochemist's Workbench® Student (64-bit)
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DBD331-3B99-63BB-7C7F-742905F2BB3A}" = Catalyst Control Center Localization All
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{17B22CEC-41F3-BCDB-C8B6-169A8BABD435}" = CCC Help Finnish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2E1939D4-5B77-5A56-9162-FD67006E45E0}" = AMD VISION Engine Control Center
"{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}" = Xcalibur
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30755F85-0FC1-C72B-2F48-3A41B99EA46C}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{400C239A-BE90-C8AC-1E42-EF0FCAD0CE52}" = CCC Help Chinese Standard
"{48052BE2-70BD-9BF8-B516-1B8BA94607F1}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9E79C2-18DB-CBCB-6949-3FA1122FAD42}" = Catalyst Control Center Graphics Previews Common
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E396741-EAF9-4E21-9B4F-B16DEFA531A6}" = Catalyst Control Center - Branding
"{4E39C7C1-DF0C-B33D-98B5-6DEF133A7987}" = CCC Help French
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{54FAAC74-75CA-95D0-5B75-BCF680CC95E9}" = CCC Help Russian
"{57FFA83D-5264-02C6-D418-226D066B6D43}" = CCC Help Greek
"{5C929F95-5B3A-DA3F-8E6E-DD49D5B662D7}" = Catalyst Control Center Profiles Mobile
"{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1" = Vokabel Trainer 5
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D29B8FC-C40D-69DA-D663-602E7858E5E5}" = CCC Help Hungarian
"{6DD38FB3-98C5-A504-1761-75A9338DF1BA}" = CCC Help Czech
"{6F7ECDE7-894D-7A94-AC32-BAE0AF13AC6C}" = CCC Help Korean
"{6FED8283-F73E-042D-5013-38A5BF7488A5}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D13A8A-5D91-3B26-A6F1-F8848310B711}" = CCC Help Japanese
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{838AB498-9AB6-242C-5EED-14B98E65E5F0}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}" = Chrome Remote Desktop Host
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}" = EndNote X7
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}" = CambridgeSoft ChemBioDraw Ultra 13.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A119FE0-D74C-6E6D-F2B7-F3FE80B7D356}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC326E6-650B-4287-6A8E-C4B2A41C8FE3}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4DE1B70-4A3F-0B79-036E-D56D794B8D11}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = Origin 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AFDE6AB3-BFFD-1411-262E-E7E364D6424D}" = CCC Help Norwegian
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1646873-447F-F477-CEEF-8F0A4BD59BF2}" = CCC Help Turkish
"{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}" = CapsLK OSD
"{BBD1BADF-F0DC-DA01-A774-A555F20907AD}" = CCC Help Dutch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE173E5-F9A6-1657-EF62-8E7679D5B05F}" = CCC Help Polish
"{D031A9FA-9B49-C572-B0E6-810EA5C94D10}" = CCC Help German
"{D049112D-1A05-497C-A82E-3E2402FDA943}" = Origin8
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D26F58B7-92C6-CB25-88CA-B0798494052A}" = CCC Help English
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEA566C9-30BA-FB13-D443-4E3D0AB8EB01}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA594E28-547D-4FB5-AED8-3628EFB1474D}" = TuneUp Utilities 2014 (de-DE)
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Sims 4 Digital Deluxe Edition MULTi2 1.0" = Die Sims 4 Digital Deluxe Edition MULTi2 1.0
"GCDkit_is1" = Geochemical Data Toolkit (GCDkit) version 3.00
"Google Chrome" = Google Chrome
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"KaleidaGraph 4.0" = KaleidaGraph 4.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.3.1025
"Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Trillian" = Trillian
"TuneUp Utilities" = TuneUp Utilities 2014
"VLC media player" = VLC media player 2.1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
"Xcalibur" = Xcalibur
"X-Print Client Uni Oldenburg_is1" = X-Print 4.0 Client
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.11.2014 10:34:28 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2014 07:13:32 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2014 07:19:27 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 30.11.2014 07:21:44 | Computer Name = Lena-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 61c    Startzeit: 01d00c8ebbc6d7d5    Endzeit: 47    Anwendungspfad: 
C:\windows\Explorer.EXE    Berichts-ID: 0d28f24b-7883-11e4-ab1b-f0def1a76e65  
 
Error - 30.11.2014 07:23:52 | Computer Name = Lena-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.11.2014 07:30:04 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2014 07:36:06 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 30.11.2014 08:15:22 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 01.12.2014 11:02:53 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.12.2014 11:05:39 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
[ System Events ]
Error - 28.11.2014 09:04:14 | Computer Name = Lena-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
 
Error - 28.11.2014 09:41:52 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.11.2014 10:32:41 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.11.2014 10:35:10 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.11.2014 07:11:46 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 30.11.2014 07:27:17 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.11.2014 07:27:21 | Computer Name = Lena-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.189.853.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%854     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.11202.0     Fehlercode:
 0x8024001e     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 30.11.2014 07:28:15 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 30.11.2014 09:41:22 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.12.2014 11:01:03 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
 
< End of report >
         

Alt 02.12.2014, 11:06   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Irgendwie versteh ich das gerade nicht. Poste bitte nochmal ein frisches FRST Log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.12.2014, 12:18   #11
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Lena (administrator) on LENA-PC on 02-12-2014 13:03:51
Running from C:\Users\Lena\Downloads
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 13:03 - 2014-12-02 13:03 - 00000000 ____D () C:\Users\Lena\Downloads\FRST-OlderVersion
2014-12-01 16:32 - 2014-12-01 16:32 - 00085166 _____ () C:\Users\Lena\Downloads\Extras.Txt
2014-12-01 16:31 - 2014-12-01 16:31 - 00109642 _____ () C:\Users\Lena\Downloads\OTL.Txt
2014-12-01 16:26 - 2014-12-01 16:26 - 00080508 _____ () C:\Users\Lena\Desktop\bookmarks_chrome01.12.14.html
2014-12-01 16:12 - 2014-12-01 16:12 - 00602112 _____ (OldTimer Tools) C:\Users\Lena\Downloads\OTL.exe
2014-11-30 12:33 - 2014-11-30 12:34 - 00047199 _____ () C:\Users\Lena\Downloads\Addition.txt
2014-11-30 12:30 - 2014-12-02 13:04 - 00022756 _____ () C:\Users\Lena\Downloads\FRST.txt
2014-11-30 12:23 - 2014-12-02 13:03 - 02117120 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-11-27 15:38 - 2014-11-27 15:38 - 00854414 _____ () C:\Users\Lena\Downloads\SecurityCheck.exe
2014-11-27 10:56 - 2014-11-27 11:01 - 00004230 _____ () C:\Users\Lena\Act2_output.txt
2014-11-27 08:46 - 2014-11-27 08:46 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-12-01 16:32 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-12-02 13:04 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-28 13:52 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-28 15:34 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 13:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 12:59 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 12:59 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 12:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 12:57 - 2011-11-15 23:13 - 22901120 _____ () C:\windows\system32\perfh007.dat
2014-12-02 12:57 - 2011-11-15 23:13 - 07285048 _____ () C:\windows\system32\perfc007.dat
2014-12-02 12:57 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-02 12:54 - 2011-11-24 08:59 - 01420416 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-12-02 12:53 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-12-02 12:52 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-12-02 12:51 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-02 12:51 - 2011-11-24 09:07 - 00130739 _____ () C:\windows\system32\fastboot.set
2014-12-02 12:51 - 2011-11-24 08:59 - 00904064 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-12-02 12:51 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-02 12:51 - 2009-07-14 05:51 - 00180650 _____ () C:\windows\setupact.log
2014-12-01 17:04 - 2011-11-24 08:19 - 01486510 _____ () C:\windows\WindowsUpdate.log
2014-12-01 16:36 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-01 16:04 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-30 12:28 - 2010-11-21 04:47 - 00399904 _____ () C:\windows\PFRO.log
2014-11-28 13:52 - 2012-02-01 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-28 13:31 - 2012-02-01 23:57 - 00000000 ____D () C:\Users\Lena\AppData\Local\Mozilla
2014-11-27 10:56 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-27 10:55 - 2014-07-14 14:00 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\GWB
2014-11-26 15:57 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 15:57 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:57 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk

Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujpc5_.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 21:26

==================== End Of Log ============================
         

Geändert von Funchameleon (02.12.2014 um 12:30 Uhr)

Alt 03.12.2014, 07:43   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Ok, ich muss erstmal was klären mit den Herren Autoren. Ich melde mich wieder.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.12.2014, 09:48   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Downloade Dir HitmanProauf Deinen Desktop:

HitmanPro - 32 Bit
HitmanPro - 64 Bit
  • Starte die HitmanPro.exe
  • Klicke unten auf der Button-Leiste auf Einstellungen
  • Belasse die Standardeinstellungen und wähle nur bei "Nach potentiell unerwünschten Programmen suchen" als "Standardaktion" Löschen aus und bestätige mit Ok.
  • Klicke auf Weiter und akzeptiere die Lizenzbedingungen. Klicke auf Weiter.
  • Wähle "Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen" aus und klicke auf Weiter.
  • Lass am Ende des Suchlaufs alle auftretende Funde löschen und klicke auf Weiter.
  • Wähle unten links auf der Button-Leiste Logdatei speichern und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro.

Poste bitte den Inhalt der HitmanPro_<Datum_Uhrzeit>.txt mit Deiner nächsten Antwort.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.12.2014, 10:07   #14
Funchameleon
 
Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Code:
ATTFilter
HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : LENA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Lena-PC\Lena
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-12-05 10:56:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 14s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 6

   Objects scanned . . . : 2 542 872
   Files scanned . . . . : 169 141
   Remnants scanned  . . : 1 048 502 files / 1 325 229 keys

Malware _____________________________________________________________________

   C:\Users\Lena\Downloads\Setup v2 1.exe -> Deleted
      Size . . . . . . . : 1 029 608 bytes
      Age  . . . . . . . : 10.0 days (2014-11-25 10:12:25)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 5D9455243C3FF6C83904DBE34B7CADC178992DCC571BBB8339376C044E0A888A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Bundler.SoftPulse.E
    > Kaspersky  . . . . : Trojan.Win32.Inject.tmvx
      Fuzzy  . . . . . . : 108.0

   C:\Users\Lena\Downloads\SVP12Build765\Sony Vegas Pro 12 Build 765 64-Bit\KeyGen\di-sp230\di-sp23\Keygen.exe -> Quarantined
      Size . . . . . . . : 3 747 840 bytes
      Age  . . . . . . . : 65.7 days (2014-09-30 17:08:21)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 328F712942A93BEAE528597B54FF7E8897F2A58D7BBC1A5956144181AF06A7E9
    > G Data . . . . . . : Trojan.Generic.9412602
      Fuzzy  . . . . . . : 118.0


Suspicious files ____________________________________________________________

   C:\Users\Lena\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 117 632 bytes
      Age  . . . . . . . : 4.9 days (2014-11-30 12:23:28)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0A3AF33164BDB71EDE4BC4EC461207C03FC8E9FFEF291B4538F8BEC99AB804D8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Lena\Downloads\FRST64.exe
      Size . . . . . . . : 2 117 120 bytes
      Age  . . . . . . . : 2.9 days (2014-12-02 13:03:43)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 81232B69650A6091BC14D05B98CDD301CE78CF5DA433FB03FCB8C0CF85DB5BE8
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/ea0fab41dc14f0667ba87b69e94cc953/547daab3/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -48.6s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KBOUPKXP\582237_285238378236334_455049394_n[1].jpg
         -45.7s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KBOUPKXP\11020_865141546852751_6869598674098251471_n[1].jpg
         -30.1s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QH8YTS5Z\EqsQ4YHnlQL[1].png
         -2.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F0AB364D-2BC9-4BAA-92AE-7E083E9F5611}
         -1.2s C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Cookies\PTMUA1H1.txt
         -1.1s C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Cookies\VD5PTK4J.txt
         -1.1s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5W9YBM2\82[1].htm
          0.0s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83W67W86\FRST64[1].exe
          0.0s C:\Users\Lena\Downloads\FRST64.exe
          1.3s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XGNON6XT\1471279_10201258209440814_1905482600_n[1].jpg
          1.7s C:\Users\Lena\Downloads\FRST-OlderVersion\
          4.3s C:\Windows\Prefetch\FRST64.EXE-91619141.pf


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted
         

Alt 06.12.2014, 08:22   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Malware und Adware Befall nach Installation von "StreamTransport" - Standard

Malware und Adware Befall nach Installation von "StreamTransport"



Nochmal Hitman, alle Funde löschen lassen, dann bitte 2 frische FRST logs.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Malware und Adware Befall nach Installation von "StreamTransport"
device driver, fehlercode 22, fehlercode 28, fehlercode windows, neue tabs mit werbung, pup.optional.boost.a, pup.optional.bundle, pup.optional.clara.a, pup.optional.crossrider.a, pup.optional.globalupdate.a, pup.optional.livelyrics.a, pup.optional.opencandy, pup.optional.selectngo.a, pup.optional.smartsaver.a, pup.optional.soft32, pup.optional.wajam, riskware.tool.ck, spotify web helper, tabs mit werbung, this device is disabled. (code 22), trojan.onlinegames



Ähnliche Themen: Malware und Adware Befall nach Installation von "StreamTransport"


  1. Adware/Malware nach Jdownloader Installation
    Log-Analyse und Auswertung - 12.09.2015 (5)
  2. Windows7: Malware-Befall? PC langsam, "Keine Rückmeldung" etc.
    Log-Analyse und Auswertung - 18.06.2015 (19)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. Wann gilt aggressive und schädliche Adware "offiziell" als Malware (Downloadseiten!)
    Diskussionsforum - 26.11.2014 (16)
  5. "Fehler: Server nicht gefunden" immer noch nach "WAJAM.A.1"-Befall
    Plagegeister aller Art und deren Bekämpfung - 05.11.2014 (15)
  6. Windows 8, "Speed Check" Malware-Befall
    Log-Analyse und Auswertung - 28.10.2014 (7)
  7. Internet Explorer öffnet Pup ups von "lpcloudbox" nach Installation von FreeYoutubeDownloader "update"
    Log-Analyse und Auswertung - 07.09.2014 (5)
  8. OTL Analyse "Problem: search conduit" nach codec installation
    Log-Analyse und Auswertung - 03.02.2014 (2)
  9. dosearches.com nach installation von "free m4a to mp3 converter"
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (11)
  10. Windows XP Nach Installation von HP Player immer zwei Startseiten beim Öffnen von Google chrome "start.iminent.com" und "Search gol"
    Log-Analyse und Auswertung - 08.10.2013 (5)
  11. Sicherheitscenter deaktiviert und Virus "ADWARE/InstallCo.HA" "ADWARE/bProtect.D" "TR/Mevade.A.95" gefunden
    Log-Analyse und Auswertung - 10.09.2013 (10)
  12. Virus nach installation von "hdplugin_firefox.exe" - Office und andere Programme gelöscht?
    Plagegeister aller Art und deren Bekämpfung - 23.08.2013 (29)
  13. Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (32)
  14. PC nach Befall durch "TR/Crypt.XPACK.Gen" und "TR/Crypt.ZPACK.Gen2" extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 29.11.2011 (7)
  15. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  16. "error cleaner" "privacy protector" "spyware&malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (7)
  17. "error cleaner" "privacy protector" "spyware und malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (2)

Zum Thema Malware und Adware Befall nach Installation von "StreamTransport" - Hallo. Ich habe mir vor ein paar Tagen das Programm StreamTransport erneut installiert. Ich nutzte dieses Programm bereits längere Zeit und alles war ok. Aus irgendeinem Grund habe ich es - Malware und Adware Befall nach Installation von "StreamTransport"...
Archiv
Du betrachtest: Malware und Adware Befall nach Installation von "StreamTransport" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.