| |
| |||||||
Log-Analyse und Auswertung: Malware und Adware Befall nach Installation von "StreamTransport"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.11.2014, 11:19
| #1 |
 |  Malware und Adware Befall nach Installation von "StreamTransport" Hallo. Ich habe mir vor ein paar Tagen das Programm StreamTransport erneut installiert. Ich nutzte dieses Programm bereits längere Zeit und alles war ok. Aus irgendeinem Grund habe ich es gelöscht und merkte dann dass ich es doch brauche, also installierte ich es neu und das stellte sich als großer Fehler heraus. Es installierten sich diverse Programme und Toolbard, die ich alle via Systemsteuerung deinstallierte. Dann war einen Tag lang Ruhe. Heute morgen öffnete mein Browser (Chrome) ständig neue Tabs mit Werbung oder Seiten die mir Programme andrehen wollen. Auch wenn ich eine Seite öffne, zB dieses Forum, werde ich nach kurzer Zeit auf so eine ominöse Website weitergeleitet. Beispiele: hxxp://www.736vzaz.com/... hxxp://www.adcash.com/script/... hxxp://www.4h17ybnjm.com/... Außerdem wird ständig überall Werbung angezeigt obwohl ich einen Adblocker habe (Sogar auf der Google Seite). Ich kann Chrome nun fast gar nicht mehr benutzen und bin daher grad mit dem Internet Explorer hier. Ich habe Defogger, FRST und GMER nach Anweisung hier im Forum benutzt und hänge mal die Logfiles an: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:15 on 25/11/2014 (Lena)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Lena (administrator) on LENA-PC on 25-11-2014 10:17:59
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\OneClickStarter.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2
FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 10:17 - 2014-11-25 10:18 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000540 _____ () C:\Users\Lena\Desktop\defogger_disable.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-25 10:09 - 2014-11-25 10:17 - 00000793 _____ () C:\Users\Lena\Desktop\links.txt
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-25 09:47 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:37 - 2014-11-21 13:37 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101.exe
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:37 - 2014-11-21 12:37 - 01522088 _____ (smart-saverplus) C:\Users\Lena\AppData\Roaming\JGQUYH.exe
2014-11-21 12:36 - 2014-11-21 12:36 - 02006952 _____ (smart-saverplus) C:\Users\Lena\AppData\Roaming\QIUEVW.exe
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:30 - 2014-11-21 12:30 - 00001091 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-13 08:28 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-12 21:57 - 2014-11-12 21:57 - 17926832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
2014-10-28 12:53 - 2014-10-28 13:40 - 00000000 ____D () C:\Users\Lena\Downloads\wish i was evo
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 10:15 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-25 10:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 10:01 - 2011-11-24 08:19 - 01161589 _____ () C:\windows\WindowsUpdate.log
2014-11-25 09:58 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 09:58 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 09:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 09:55 - 2011-11-15 23:13 - 22605280 _____ () C:\windows\system32\perfh007.dat
2014-11-25 09:55 - 2011-11-15 23:13 - 07190328 _____ () C:\windows\system32\perfc007.dat
2014-11-25 09:55 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-25 09:52 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-25 09:51 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-25 09:49 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 09:49 - 2011-11-24 09:07 - 00118533 _____ () C:\windows\system32\fastboot.set
2014-11-25 09:49 - 2011-11-24 08:59 - 00899328 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-25 09:48 - 2010-11-21 04:47 - 00379550 _____ () C:\windows\PFRO.log
2014-11-25 09:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-25 09:48 - 2009-07-14 05:51 - 00179698 _____ () C:\windows\setupact.log
2014-11-25 09:15 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-24 20:59 - 2011-11-24 08:59 - 01417216 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-12 21:58 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 21:58 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 21:58 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu7eah9.dll
C:\Users\Lena\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\s4s15.exe
C:\Users\Lena\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-16 08:30
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Lena at 2014-11-25 10:20:34
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.10607 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D119A8C4-21EE-9FE3-F63F-2A18FFA66B02}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
CambridgeSoft ChemBioDraw Ultra 13.0 (HKLM-x32\...\{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}) (Version: 13.0 - CambridgeSoft Corporation)
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )
CapsLK OSD (HKLM-x32\...\{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}) (Version: 1.01 - Wistron Corporation)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.48.0.0 - Conexant)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims 4 Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition MULTi2 1.0) (Version: - )
Dropbox (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Geochemical Data Toolkit (GCDkit) version 3.00 (HKLM-x32\...\GCDkit_is1) (Version: 3.00 - Vojtech Janousek)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B05 - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaleidaGraph 4.0 (HKLM-x32\...\KaleidaGraph 4.0) (Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1119.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 3.1.14.0 - Lenovo)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Croatian/Hrvatski (HKLM\...\Office14.OMUI.hr-hr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{CE94C252-25AD-41A0-97B6-DD4F0E886F26}) (Version: 8.5.3.14 - Nitro)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Origin 8G (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.0 - OriginLabCorporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-041A-1000-0000000FF1CE}_Office14.OMUI.hr-hr_{F23A8864-BE36-42E6-B561-602F6D97F8B0}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
StreamTransport version: 1.1.6.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Geochemist's Workbench® Student (64-bit) (HKLM\...\The Geochemist's Workbench® Student) (Version: 10.0.2 - Aqueous Solutions LLC)
Trillian (HKLM-x32\...\Trillian) (Version: - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{3D46565E-4D02-11E3-A75C-F04DA23A5C58}) (Version: 12.0.765 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vokabel Trainer 5 (HKLM-x32\...\{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1) (Version: - Manuel Wäschle)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wuala (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Wuala) (Version: 1.0.400.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xcalibur (HKLM-x32\...\{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}) (Version: 2.0 - Thermo Electron Corporation)
Xcalibur (HKLM-x32\...\Xcalibur) (Version: - )
X-Print 4.0 Client (HKLM-x32\...\X-Print Client Uni Oldenburg_is1) (Version: - Schomaecker GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
12-11-2014 20:49:19 Windows Update
13-11-2014 13:04:27 Windows Update
18-11-2014 07:58:36 Windows Update
19-11-2014 15:56:36 Windows Update
24-11-2014 07:27:44 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2013-12-19 16:20 - 00000990 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com
127.0.0.1 order.tune-up.com
127.0.0.1 tune-up.com
127.0.0.1 tune-up.com/order
127.0.0.1 registertuneup.com
127.0.0.1 tuneup.de
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00E7614F-7E48-41CD-95E7-3F54ED4CE7B8} - System32\Tasks\{4020507A-ED5B-4C77-A26D-CB0874B79107} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {06FC69B4-BFBD-448F-AAB0-078F055B0D96} - System32\Tasks\{01DE917C-5949-4F01-83C0-03D6F0BB1724} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0AC0427F-260F-4A27-A21F-684A632E3C1F} - System32\Tasks\{F2CD06AA-430C-420E-988B-96B4D24127E2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0C3748FE-3015-4409-8537-94E5A93EE163} - System32\Tasks\{08782E88-905D-4254-9B32-8110EFAC79C7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0EBF0398-71E9-4893-B257-54DF2638F34E} - System32\Tasks\{3EAA1582-32CC-48DB-8E68-05F27365DE70} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {14515E65-BDEC-46A6-ACF4-D7B8303CB74B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1B365D98-FBC9-4D3C-A52E-3E24E61C6E2B} - System32\Tasks\{8576B14E-635C-4B11-BF46-828566916692} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {227872E2-C365-4E46-BB70-0E0A329A0131} - System32\Tasks\{AEEC5FEA-4964-43E4-B38A-FD3E109BEE37} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {24F7D27B-20BD-4673-90C9-6E7F237D4D6C} - System32\Tasks\{CB4F2896-9C21-403A-B127-7AF9515BBE21} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {266EA990-56F5-4F8D-8B6F-589C592F8D87} - System32\Tasks\{3006EAE6-D769-4AA0-9A54-19B04DF2B63C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {299FA769-AA1B-4578-B039-A002FAA37C0F} - System32\Tasks\{D0A8A544-2466-48D3-A2D9-6CF7AA90BF6A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2C1E9FA6-9B55-4696-82C1-97505848CC62} - System32\Tasks\{D561BCFC-3B3E-4CE5-9C48-03B99780356D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {33E36C43-594E-483F-968D-013D1A8A4CD4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {348BC2D3-EBC4-42AB-9F44-59213BAE62D2} - System32\Tasks\{249874D2-B1C9-4DC7-AA00-D2B049EA2541} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {34E1DD06-F07B-45A3-AE98-5E5D6F04D1C8} - System32\Tasks\{22771F33-5DD5-4FA5-9A2B-7FDEFDAAA154} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {391C7C80-2F8E-4B26-9C81-546A4CC703A3} - System32\Tasks\{AF49ECC8-1FF1-4C89-8877-D3AED4EB9D29} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4E75F262-FEF6-4B5F-BF7D-01BE19EBA13D} - System32\Tasks\{19FC3153-0A92-4F4B-A99F-C9ABA2DFDC01} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {50ACBDEE-7FBC-4CAF-A8D1-522D6622D849} - System32\Tasks\{01167FF7-EBD1-410E-B570-C65B8006CB02} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {523CE372-6D9C-4007-81C1-7BD51FD5F2DB} - System32\Tasks\{BBDAA678-02CA-4436-8DCA-FA8514C39505} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5504C353-4C09-45B7-9E3E-E058F4D8C0BF} - System32\Tasks\{2B0D0EDC-9FB8-40D4-A2C3-B5BFE0CC1F53} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {55D6BEAD-4561-4740-BB44-29A864A9F6F8} - System32\Tasks\{BA392231-58B1-4214-94CD-36C155CC4E97} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {570F1C0C-2CFB-4078-9488-87B487E3E159} - System32\Tasks\{B3B7FE93-261C-4923-AF5C-00C408E8EAE6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {587A52E1-BC58-453F-B31D-61D4D390B13D} - System32\Tasks\{AAC990F9-3A2E-4703-AA6D-C3A4A6CA5F51} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58C1AE44-135D-4B8C-B800-60F9C6687924} - System32\Tasks\{5DE8D8BB-13A0-4454-BE44-BAF03DA06BF6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58F3FE2A-DE6F-499C-9D26-A2F6C7AB886E} - System32\Tasks\{A54D0C57-C5D0-4E29-BEB3-CADAA0FD0DB0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {60FBD709-C038-48D7-A067-BCCDF9F81511} - System32\Tasks\{913F3351-5754-4D31-823E-1E20580D08F5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {63DE05B4-D775-41AA-85A3-EBEC4AE24D97} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {66C90E4D-1392-46C6-8FE7-1AB14C2D877C} - System32\Tasks\{7C186B9B-B67F-46C6-A368-A60C6F24F85B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6962AF8A-9BD1-4E54-BA76-32D1CDCE3506} - System32\Tasks\{E483989C-7E6D-40B4-8251-918BD76AB8C1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6A97F3BB-98CE-404D-B9CF-4146C353264C} - System32\Tasks\{A7AFC2C1-1D45-4107-8247-9B4B56E8045F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6AAFD2DC-69E2-4F0C-BD04-E75A41112ED8} - System32\Tasks\{0BA9020C-4F7A-4F93-9F89-FDD40C38E9CA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6C6C5D56-98A8-4203-9519-3FB20ED29694} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6CFAF34B-9CE0-43FE-B806-28159EB0BAD7} - System32\Tasks\{EE47BD74-879C-43F0-9391-6284BF34095A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6F6881F0-3B25-4499-A7BC-FFE5B8B9217A} - System32\Tasks\{109DEE8F-C2B6-405D-AD74-FDF8D790D2B5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {77D2DE5F-3527-46A6-9968-7FDA9B60C7DC} - System32\Tasks\{BC9228D7-982F-4CBE-8738-9153AA4205C4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7914820F-20B4-48B5-99FE-AC8E1BFEE04A} - System32\Tasks\{E9AA7520-FC3A-4EA1-B4C6-CB6C061083CF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EDA1AA7-E47C-49A0-922D-7E09AFC554AD} - System32\Tasks\{2B255C49-9E64-4C59-8BCE-C31EC531D1D2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EF2126F-05E9-4602-B6C7-8223DC9F80A1} - System32\Tasks\{47397D46-CFB4-48CC-97A3-078486CB13FA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7FBEA9E5-1A82-46C9-A08D-17D5B9DA750E} - System32\Tasks\{F092AF25-2C88-479A-A42D-5A1431C69F1D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83AC4797-54B7-4D04-95DA-38D87FACCC08} - System32\Tasks\{AFF6F41E-FC9B-4FFB-8216-0463AD0F673C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {86456C99-DF69-4B12-9A6C-EB7335850507} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {86C66B62-3D9A-4A18-B8A5-770AC639F70E} - System32\Tasks\{7D412BCF-BCC3-474F-9FB6-74DF95DBBBA9} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {88C87A12-D22B-4CDA-A2DE-981D5FCF7EFD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {897094FF-C05B-4353-AD0F-4AA94FA3B8B4} - System32\Tasks\{26069290-B482-45FB-87D1-20D01578E95F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8CB4E6AF-A41B-4276-A34F-A7ED43C2673D} - System32\Tasks\{41136BC5-7AD2-4278-B3A5-0F38C8B19430} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E17507E-3BBF-4DA2-8F5E-284C2F1096CF} - System32\Tasks\{33B1792C-CD7A-48C2-A0CB-FD5A9675311D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {923BE8F8-FCB1-42E2-901E-B7C32549BB91} - System32\Tasks\{58161606-0679-4D1B-B0A8-8F95A57925DB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {951B034B-15F7-487A-A9AE-FA9D53290469} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {97888C78-931B-4639-A3B4-949FAEBCBE0D} - System32\Tasks\ESTsoft RunAsStdUser 13956130Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
Task: {9845E76E-F1E1-4D79-A82C-436AA59CE056} - System32\Tasks\{CB2A185E-9E1D-447D-9304-C4F8A6EB7AB6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D512684-C235-45E1-B839-5BAD68601E6D} - System32\Tasks\{BF84DDEF-17D8-4E7F-8360-B3AEEC843D4F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D694E75-36D4-4F1C-AFC2-617EE9EA55F5} - System32\Tasks\{9BE280A0-C1D2-4790-9E3B-0B7B5B214F1F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A106E5C3-6B0A-485B-95F4-77AA07354D22} - System32\Tasks\{ADDA7E9B-C494-4596-AC26-172F8F070537} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A19B571E-3D98-4B7B-947E-D1B3F0A16E16} - System32\Tasks\{4565AE61-6D16-4218-A319-6AE82C9889C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A538BA99-E8F2-40F0-83FC-B8443EB36264} - System32\Tasks\{BABE07E1-AC3D-4C3E-9299-3ED866B08DA5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A6828F60-3541-4F1F-B7DE-C500EB78264E} - System32\Tasks\{894BBCBE-5D5F-463B-A4AD-BA0A5D457A35} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A9D50511-9116-427D-A9E1-E45C5155EF05} - System32\Tasks\{DB441232-02FE-40A6-8727-76989185FD26} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AA0418A4-F211-4999-B9DC-2F568FA107E6} - System32\Tasks\{BD14321C-7945-4711-9CE5-AC048BD024FC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AAF4B297-F7B7-4CF9-B00A-28CD2409D5C1} - System32\Tasks\{CE686764-6487-4D94-955F-B0A1AD6311F1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABAAA8F6-3BCC-495A-8542-7A52D263EC03} - System32\Tasks\{74C66739-DB18-4A09-BEF6-BD07C5E42630} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B933231D-8ECA-4DE6-8EB1-F25F478B0F0D} - System32\Tasks\{29EB7EC0-610B-492D-AE41-BB7BC77BBA8B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B9355C7E-0414-4364-A545-9CFD07C5AB93} - System32\Tasks\{67656875-8FF7-45D0-9B9C-B935DC0A3B99} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BAD6127F-DA5B-499F-A762-0F3878DB8518} - System32\Tasks\{9DAA7BA6-E4D0-484A-BBCC-CC97E11D1064} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BC888F8E-77F6-4E51-9760-1B0CFFEF58A6} - System32\Tasks\{2C24AF76-7016-4308-BACC-19633B0DE882} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C305FB85-5FBC-4270-BED5-252B6BD2A379} - System32\Tasks\{E13B99C4-DADA-4BA0-A2EA-A630F074A73E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C8321C3B-BCCC-4197-B5AE-AF634EB78E57} - System32\Tasks\{3BEE7C77-9EE7-4EBC-9645-DB03B85251CB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DA37B859-6CF0-4681-BCA1-58F5FB44EAC3} - System32\Tasks\{1D448051-C7CE-45E1-9958-9144E5D0238B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E08298BF-6509-44C0-89B8-FFB46654BA28} - System32\Tasks\{B9DF42DC-8DBE-4B35-9A35-B37417B84FBF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E3B66D5E-B5D4-4362-A390-4AD360E1CA7F} - System32\Tasks\{D7F30625-EC9F-41D8-9F4A-05086D937DD6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E4E0ABB4-A4EB-4F45-A5B8-DFB20C16A902} - System32\Tasks\{7F41E535-FCC2-4689-954B-DBF2EAEE989B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EA3FA594-C5AE-401D-B46B-383A132A11B5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software)
Task: {ECDDA82D-B8CB-4FB8-B7B7-1032A7E28721} - System32\Tasks\{F6214170-A254-44AE-9B03-554FC2A1AC41} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EF82450D-9FEA-4A41-8814-39B1478DB095} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F00C3D0A-4C75-4DCB-A30E-EB9A485179A2} - System32\Tasks\{C270808F-23A4-4CBA-80DF-99D169A0C119} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F2445EE1-F5D5-4745-A638-25EFF5045E5B} - System32\Tasks\{4646FE01-8E8A-4144-BF7C-FDCE2314C62F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6F80E92-2432-4245-BF48-3FAA2F131547} - System32\Tasks\{68627B48-73BD-434C-8CAC-62506298D7E4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8787AB1-D908-411C-A623-F79FC8022F6C} - System32\Tasks\{090A20F8-1ACF-4472-9048-4EBAEB5E8E52} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F9D977FB-FE0B-4BAA-8FDD-7F8F3496EB54} - System32\Tasks\{CED677EA-BB9C-4F0C-806E-A9155E01838F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-07 13:24 - 2007-02-09 10:41 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll
2011-06-07 23:09 - 2011-06-07 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-12 02:29 - 2013-10-12 02:29 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-11-24 08:49 - 2010-10-25 13:43 - 00015400 _____ () C:\Program Files\CapsLK OSD\64\COKHOOK.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-11-25 09:50 - 2014-11-25 09:50 - 00043008 _____ () c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu7eah9.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-12 08:39 - 2014-06-12 08:40 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-12 08:40 - 2014-06-12 08:40 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 08:40 - 2014-06-12 08:40 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-22 09:05 - 2012-11-21 06:26 - 00008704 _____ () C:\Users\Lena\AppData\Roaming\Thunderbird\Profiles\haek98nc.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xprint-client.lnk => C:\windows\pss\xprint-client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wuala.lnk => C:\windows\pss\Wuala.lnk.Startup
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Lena\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
========================= Accounts: ==========================
Administrator (S-1-5-21-1212337627-971504644-1430933440-500 - Administrator - Disabled)
Gast (S-1-5-21-1212337627-971504644-1430933440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1212337627-971504644-1430933440-1003 - Limited - Enabled)
Lena (S-1-5-21-1212337627-971504644-1430933440-1001 - Administrator - Enabled) => C:\Users\Lena
Xcalibur_System (S-1-5-21-1212337627-971504644-1430933440-1004 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/25/2014 09:55:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/25/2014 09:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2014 09:13:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/25/2014 09:03:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2014 07:49:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/24/2014 07:10:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/24/2014 08:29:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/24/2014 08:24:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2014 03:18:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/21/2014 03:11:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/25/2014 09:48:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/25/2014 09:47:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/25/2014 09:27:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (11/25/2014 09:01:08 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/24/2014 09:04:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/24/2014 04:49:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Browser erreicht.
Error: (11/24/2014 08:22:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/21/2014 03:26:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/21/2014 03:10:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/21/2014 02:38:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (11/25/2014 09:55:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/25/2014 09:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2014 09:13:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/25/2014 09:03:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2014 07:49:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/24/2014 07:10:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/24/2014 08:29:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/24/2014 08:24:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2014 03:18:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/21/2014 03:11:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3688.67 MB
Available physical RAM: 2117.01 MB
Total Pagefile: 13375.52 MB
Available Pagefile: 11532.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:421.81 GB) (Free:100.2 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9DA6949F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-25 10:58:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000073 ST950032 rev.0011 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Lena\AppData\Local\Temp\kxldapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff8000340a000 65 bytes [29, 65, 30, 0F, 29, 6D, 40, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff8000340a042 37 bytes {ADD [RAX], AL; ADD [RBX+RCX*4-0x7b], CL; CALL 0xffffffffa800000b}
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae@90c11569f9c1 0x7F 0xF2 0x2D 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae@d850e60ee635 0x6F 0xD0 0x90 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819ea40ae@9ce6e711052b 0x06 0x4B 0x58 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae@90c11569f9c1 0x7F 0xF2 0x2D 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae@d850e60ee635 0x6F 0xD0 0x90 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819ea40ae@9ce6e711052b 0x06 0x4B 0x58 0x20 ...
---- EOF - GMER 2.1 ----
 |
|
25.11.2014, 11:34
| #2 |
| /// the machine /// TB-Ausbilder    | Malware und Adware Befall nach Installation von "StreamTransport" hi,
__________________Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
25.11.2014, 20:12
| #3 |
| | Malware und Adware Befall nach Installation von "StreamTransport" So, hier die nächsten Scans:
__________________MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 25.11.2014 Suchlauf-Zeit: 18:41:39 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.25.10 Rootkit Datenbank: v2014.11.22.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Lena Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 339796 Verstrichene Zeit: 34 Min, 6 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 1 PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], Dateien: 27 PUP.Optional.SmartSaver.A, C:\Users\Lena\AppData\Roaming\JGQUYH.exe, In Quarantäne, [c43af84785f76ccad6d5f284b54ce51b], PUP.Optional.SmartSaver.A, C:\Users\Lena\AppData\Roaming\QIUEVW.exe, In Quarantäne, [48b65ce3f28af93dfcaf8bebb24f7789], Trojan.Onlinegames, C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$RAKANHB.dll, In Quarantäne, [4faf44fb8fed39fd1bc28c2a17ebc937], PUP.Optional.Soft32, C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$R4CFSAV.exe, In Quarantäne, [21dd95aad6a60b2b0501ffc49c65f60a], Trojan.Onlinegames, C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$RGTJ0QV\3dmgame.rar, In Quarantäne, [bb43b48b502c3ef874696e4842c0da26], PUP.Optional.Bundle, C:\Users\Lena\AppData\Local\Temp\smt_mystartsearch.exe, In Quarantäne, [c23c3d02ea92a78f2143984f13ee9d63], PUP.Optional.Wajam, C:\Users\Lena\AppData\Local\Temp\9FDA.tmp, In Quarantäne, [b04e4cf3ceae90a69872a2178e73748c], PUP.Optional.CrossRider.A, C:\Users\Lena\AppData\Local\Temp\s4s15.exe, In Quarantäne, [fc02b78884f834026b4f2dae05fc2ed2], PUP.Optional.Clara.A, C:\Users\Lena\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe, In Quarantäne, [7a84013e1e5ec274ea3556776a974ab6], PUP.Optional.OpenCandy, C:\Users\Lena\Downloads\DTLite4491-0356 (1).exe, In Quarantäne, [649a5ae5d5a7e056a336304bbb4a50b0], RiskWare.Tool.CK, C:\Windows\KMService.exe, In Quarantäne, [42bc80bfa3d94fe7b9ecbc7747bba55b], PUP.Optional.Boost.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [75894ff0b9c31d19eb98421249baee12], PUP.Optional.Boost.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [906ecb749fddea4c2b58d67ec34002fe], PUP.Optional.SelectNGo.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, In Quarantäne, [1ee0e6595c20ad8917a7a9b747bc5fa1], PUP.Optional.SelectNGo.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, In Quarantäne, [5f9f5ce3c4b8db5b823caeb20ef57090], PUP.Optional.LiveLyrics.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [ce30fa45adcfa591bd4c8dd529da51af], PUP.Optional.LiveLyrics.A, C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [cc32d56a324a280e61a8b4ae29da1ce4], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleCrashHandler.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdate.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdateBroker.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdateHelper.msi, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\GoogleUpdateOnDemand.exe, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\goopdate.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\goopdateres_en.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\npGoogleUpdate4.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\psmachine.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], PUP.Optional.GlobalUpdate.A, C:\Users\Lena\AppData\Local\Temp\comh.26182\psuser.dll, In Quarantäne, [ea1470cf4a3280b6c33f42e561a203fd], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 25/11/2014 um 19:39:44
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-25.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lena - LENA-PC
# Gestartet von : C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUSSHS55\AdwCleaner_4.102.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.65
*************************
AdwCleaner[R0].txt - [9228 octets] - [21/11/2014 13:39:06]
AdwCleaner[R1].txt - [1025 octets] - [21/11/2014 14:19:06]
AdwCleaner[R2].txt - [2579 octets] - [25/11/2014 09:15:25]
AdwCleaner[R3].txt - [1907 octets] - [25/11/2014 19:24:20]
AdwCleaner[S0].txt - [8440 octets] - [21/11/2014 13:54:26]
AdwCleaner[S1].txt - [1087 octets] - [21/11/2014 14:33:53]
AdwCleaner[S2].txt - [2640 octets] - [25/11/2014 09:47:06]
AdwCleaner[S3].txt - [1689 octets] - [25/11/2014 19:39:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1749 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Lena on 25.11.2014 at 19:45:50.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\windows\s.bat"
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{1E1B671B-3F38-4B03-8E22-46B5BB55AAA0}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{23DC4DDE-E5FB-44E5-B55F-B79AA0C4311C}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{289F7ABD-4E09-48D4-994A-038C8917E380}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{4ABEB3B1-99BF-4D4E-81BB-8C91149DE11B}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{59BB0E92-FDEC-4ED6-BC28-FBCAFB20F017}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{6F1C7B74-AA71-46FA-864A-1F54968C9626}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{811D4618-1137-4FBD-BD8F-4473C88F4E7F}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{829C472D-E232-4FB6-8D13-07D18808D60C}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{A0AFB9C8-DFEA-4C7B-B596-ACB39037FC05}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{BC9BF0E7-18BC-44D2-863C-779B7017E6C2}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{CA87122C-6F1E-4ED5-96AF-6E5C525EB727}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{D19C6C32-D66B-4465-8AEA-0C03257512AC}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{E3E7A408-FD13-4BE3-B049-C2F424AD6760}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{FD215A26-191C-4B7E-8C66-F503E04FEDEC}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.11.2014 at 19:53:15.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Lena (administrator) on LENA-PC on 25-11-2014 20:04:49
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe
(Farbar) C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP2YU6S3\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2
FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-11-25 19:53 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-11-25 20:04 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-25 19:39 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:30 - 2014-11-21 12:30 - 00001091 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-11-21 12:30 - 2014-11-21 12:30 - 00000000 ____D () C:\Program Files (x86)\StreamTransport
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-13 08:28 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-12 21:57 - 2014-11-12 21:57 - 17926832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
2014-10-28 12:53 - 2014-10-28 13:40 - 00000000 ____D () C:\Users\Lena\Downloads\wish i was evo
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 20:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 20:04 - 2011-11-24 08:59 - 01418112 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-25 20:03 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-25 20:02 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-25 20:01 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 20:01 - 2011-11-24 09:07 - 00114431 _____ () C:\windows\system32\fastboot.set
2014-11-25 20:01 - 2011-11-24 08:59 - 00900096 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-25 20:01 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-25 20:01 - 2009-07-14 05:51 - 00179922 _____ () C:\windows\setupact.log
2014-11-25 20:00 - 2011-11-24 08:19 - 01191939 _____ () C:\windows\WindowsUpdate.log
2014-11-25 19:59 - 2011-11-15 23:13 - 22664448 _____ () C:\windows\system32\perfh007.dat
2014-11-25 19:59 - 2011-11-15 23:13 - 07209272 _____ () C:\windows\system32\perfc007.dat
2014-11-25 19:59 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-25 19:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 19:48 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:48 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:40 - 2010-11-21 04:47 - 00388690 _____ () C:\windows\PFRO.log
2014-11-25 10:15 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-25 09:15 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-12 21:58 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 21:58 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 21:58 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzkirv7.dll
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-16 08:30
==================== End Of Log ============================
|
|
26.11.2014, 21:08
| #4 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport"ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.11.2014, 13:39
| #5 |
| | Malware und Adware Befall nach Installation von "StreamTransport" Hallo. Die Scans sind nun endlich fertig geworden. Hier die logs: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5d43decdeb53cb4fa9077d9942e64f2d
# engine=21287
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-27 02:31:16
# local_time=2014-11-27 03:31:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6734252 111276286 0 0
# scanned=334569
# found=16
# cleaned=0
# scan_time=23905
sh=1CD938B47A629EE9C0D4D0C0BA4E20EA7B93AB75 ft=1 fh=7ca20754e5d7b048 vn="Variante von MSIL/Soft32Downloader.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1212337627-971504644-1430933440-1001\$RGKRGIR.exe"
sh=2FC3A5E92137A2B80A59D68B7C62C774C50FFE00 ft=1 fh=938e1c7bdaa228ad vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=43B2963293CE3865C32132A4802B92531C16D256 ft=1 fh=e1d0248c77f0c9d9 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=9AE9A2C0B8241366357206097FD312B5671FCAE8 ft=1 fh=dc7a3c84863e13b7 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=84616836894B9CACA83D683872A132424128D9CB ft=1 fh=23b3d2b5787c7150 vn="Win32/ELEX.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=91ED2700DBFDAA31B3BFEBDFE42A82560839F79F ft=1 fh=880198fb47121cea vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\Die Sims 4 Digital Deluxe Edition\Game\Bin\3dmgame.dll"
sh=4D50D87B348650F99E46B9125AF0817D233D1B92 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\AppData\Local\Temp\FC8B.tmp"
sh=CF919FED236CA05A64A33F0083CBEFD3449FB276 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.AL Trojaner" ac=I fn="C:\Users\Lena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2c832eda-366e0b2c"
sh=8B3141CE7DCA47BD4FF37ED9F0DA4053F5B0B0C2 ft=1 fh=6c7012509d6c7827 vn="Variante von Win32/SoftPulse.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\Setup v2 1.exe"
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip"
sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip"
sh=075478ED256C74207FB1540F41BE4934B47D549B ft=1 fh=5a1a58d6a5023955 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe"
sh=E18B5242B0C893DF09E34A9E89DE551503F31591 ft=1 fh=5a1a58d6d884f372 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lena\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.90
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Java 8 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.239
Adobe Reader XI
Mozilla Thunderbird (24.6.0)
Google Chrome (39.0.2171.65)
Google Chrome (39.0.2171.71)
Google Chrome (chrome.exe..)
Google Chrome (Dictionaries...)
Google Chrome (master_preferences...)
Google Chrome (wow_helper.exe..)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Lena (administrator) on LENA-PC on 27-11-2014 15:52:37
Running from C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3QBGZDE
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2
FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-27 15:38 - 2014-11-27 15:38 - 00854414 _____ () C:\Users\Lena\Downloads\SecurityCheck.exe
2014-11-27 10:56 - 2014-11-27 11:01 - 00004230 _____ () C:\Users\Lena\Act2_output.txt
2014-11-27 08:46 - 2014-11-27 08:46 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-11-27 15:51 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-11-27 15:52 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-25 19:39 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-27 08:56 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
2014-10-28 12:53 - 2014-10-28 13:40 - 00000000 ____D () C:\Users\Lena\Downloads\wish i was evo
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-27 15:44 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 15:44 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 15:41 - 2011-11-24 08:59 - 00902016 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-27 15:41 - 2011-11-24 08:19 - 01282889 _____ () C:\windows\WindowsUpdate.log
2014-11-27 15:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 14:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 10:56 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-27 10:55 - 2014-07-14 14:00 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\GWB
2014-11-27 08:56 - 2011-11-24 08:59 - 01419520 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-27 08:46 - 2011-11-15 23:13 - 22782784 _____ () C:\windows\system32\perfh007.dat
2014-11-27 08:46 - 2011-11-15 23:13 - 07247160 _____ () C:\windows\system32\perfc007.dat
2014-11-27 08:46 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-27 08:45 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-27 08:44 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-27 08:41 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 08:41 - 2011-11-24 09:07 - 00157529 _____ () C:\windows\system32\fastboot.set
2014-11-27 08:41 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-27 08:41 - 2009-07-14 05:51 - 00180202 _____ () C:\windows\setupact.log
2014-11-26 15:57 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 15:57 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:57 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 14:26 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-25 19:40 - 2010-11-21 04:47 - 00388690 _____ () C:\windows\PFRO.log
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxj89ym.dll
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-25 21:26
==================== End Of Log ============================
Gehe ich auf chip.de zeigt Adblock 68 geblockte Inhalte an und auf der rechten Seite sehe ich so eine Art Popup-Werbefenster, welches schon ganz zu Anfang des Adware-Befalls immer auftauchte (unten dran steht "Bereitgestellt von Info" oder "ads by Info"). Sobald ich auf irgendeiner Seite auf einen Link klicke öffnet sich eine Adware-Seite., zB: hxxp://fugupdates106.com/lp/... hxxp://de.reimageplus.com/lp/... Da Chrome ja unbenutzbar durch die Adware ist und ich nach 2 Tagen Internet Explorer von diesem (der aber nicht betroffen ist) nur noch angenervt bin habe ich mir Firefox runtergeladen. Leider treten die Adware-Probleme bei dem auch sofort auf... |
|
29.11.2014, 09:32
| #6 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport" Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles.
__________________ --> Malware und Adware Befall nach Installation von "StreamTransport" |
|
30.11.2014, 12:43
| #7 |
| | Malware und Adware Befall nach Installation von "StreamTransport" Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Lena at 2014-11-30 12:24:20 Run:1
Running from C:\Users\Lena\Downloads
Loaded Profile: Lena (Available profiles: Lena)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
FF Extension: No Name - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Emptytemp:
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\extensions\tylerkeith11@aol.com not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
EmptyTemp: => Removed 663.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Lena (administrator) on LENA-PC on 30-11-2014 12:30:22
Running from C:\Users\Lena\Downloads
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2
FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-30 12:30 - 2014-11-30 12:32 - 00021623 _____ () C:\Users\Lena\Downloads\FRST.txt
2014-11-30 12:23 - 2014-11-30 12:23 - 02117632 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-11-27 15:38 - 2014-11-27 15:38 - 00854414 _____ () C:\Users\Lena\Downloads\SecurityCheck.exe
2014-11-27 10:56 - 2014-11-27 11:01 - 00004230 _____ () C:\Users\Lena\Act2_output.txt
2014-11-27 08:46 - 2014-11-27 08:46 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-11-30 12:30 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-11-30 12:30 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-28 13:52 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-28 15:34 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
2014-11-01 16:27 - 2014-11-01 16:28 - 00000000 ____D () C:\Users\Lena\Desktop\Jan
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-30 12:30 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-11-30 12:30 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-11-30 12:29 - 2011-11-24 09:07 - 00130329 _____ () C:\windows\system32\fastboot.set
2014-11-30 12:28 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 12:28 - 2011-11-24 08:59 - 00903424 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-11-30 12:28 - 2010-11-21 04:47 - 00399904 _____ () C:\windows\PFRO.log
2014-11-30 12:28 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-30 12:28 - 2009-07-14 05:51 - 00180538 _____ () C:\windows\setupact.log
2014-11-30 12:27 - 2011-11-24 08:19 - 01404506 _____ () C:\windows\WindowsUpdate.log
2014-11-30 12:22 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 12:22 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 12:19 - 2011-11-15 23:13 - 22841952 _____ () C:\windows\system32\perfh007.dat
2014-11-30 12:19 - 2011-11-15 23:13 - 07266104 _____ () C:\windows\system32\perfc007.dat
2014-11-30 12:19 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-30 12:17 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-30 12:15 - 2011-11-24 08:59 - 01420224 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-11-28 14:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 13:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 13:52 - 2012-02-01 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-28 13:31 - 2012-02-01 23:57 - 00000000 ____D () C:\Users\Lena\AppData\Local\Mozilla
2014-11-27 10:56 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-27 10:55 - 2014-07-14 14:00 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\GWB
2014-11-26 15:57 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 15:57 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:57 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:20 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2014-11-01 19:05 - 2014-09-09 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-01 16:38 - 2014-09-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 16:28 - 2012-02-02 21:42 - 00000000 ____D () C:\Users\Lena\Desktop\Temp
Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabtb9n.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-25 21:26
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Lena at 2014-11-30 12:33:39
Running from C:\Users\Lena\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.10607 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D119A8C4-21EE-9FE3-F63F-2A18FFA66B02}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
CambridgeSoft ChemBioDraw Ultra 13.0 (HKLM-x32\...\{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}) (Version: 13.0 - CambridgeSoft Corporation)
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )
CapsLK OSD (HKLM-x32\...\{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}) (Version: 1.01 - Wistron Corporation)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.48.0.0 - Conexant)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims 4 Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition MULTi2 1.0) (Version: - )
Dropbox (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Geochemical Data Toolkit (GCDkit) version 3.00 (HKLM-x32\...\GCDkit_is1) (Version: 3.00 - Vojtech Janousek)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B05 - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaleidaGraph 4.0 (HKLM-x32\...\KaleidaGraph 4.0) (Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1119.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 3.1.14.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Croatian/Hrvatski (HKLM\...\Office14.OMUI.hr-hr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{CE94C252-25AD-41A0-97B6-DD4F0E886F26}) (Version: 8.5.3.14 - Nitro)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Origin 8G (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.0 - OriginLabCorporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-041A-1000-0000000FF1CE}_Office14.OMUI.hr-hr_{F23A8864-BE36-42E6-B561-602F6D97F8B0}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Geochemist's Workbench® Student (64-bit) (HKLM\...\The Geochemist's Workbench® Student) (Version: 10.0.2 - Aqueous Solutions LLC)
Trillian (HKLM-x32\...\Trillian) (Version: - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{3D46565E-4D02-11E3-A75C-F04DA23A5C58}) (Version: 12.0.765 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vokabel Trainer 5 (HKLM-x32\...\{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1) (Version: - Manuel Wäschle)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wuala (HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\Wuala) (Version: 1.0.400.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xcalibur (HKLM-x32\...\{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}) (Version: 2.0 - Thermo Electron Corporation)
Xcalibur (HKLM-x32\...\Xcalibur) (Version: - )
X-Print 4.0 Client (HKLM-x32\...\X-Print Client Uni Oldenburg_is1) (Version: - Schomaecker GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1212337627-971504644-1430933440-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
13-11-2014 13:04:27 Windows Update
18-11-2014 07:58:36 Windows Update
19-11-2014 15:56:36 Windows Update
24-11-2014 07:27:44 Windows Update
27-11-2014 22:06:36 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2013-12-19 16:20 - 00000990 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com
127.0.0.1 order.tune-up.com
127.0.0.1 tune-up.com
127.0.0.1 tune-up.com/order
127.0.0.1 registertuneup.com
127.0.0.1 tuneup.de
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00E7614F-7E48-41CD-95E7-3F54ED4CE7B8} - System32\Tasks\{4020507A-ED5B-4C77-A26D-CB0874B79107} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {06FC69B4-BFBD-448F-AAB0-078F055B0D96} - System32\Tasks\{01DE917C-5949-4F01-83C0-03D6F0BB1724} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0AC0427F-260F-4A27-A21F-684A632E3C1F} - System32\Tasks\{F2CD06AA-430C-420E-988B-96B4D24127E2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0C3748FE-3015-4409-8537-94E5A93EE163} - System32\Tasks\{08782E88-905D-4254-9B32-8110EFAC79C7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0EBF0398-71E9-4893-B257-54DF2638F34E} - System32\Tasks\{3EAA1582-32CC-48DB-8E68-05F27365DE70} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {14515E65-BDEC-46A6-ACF4-D7B8303CB74B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1B365D98-FBC9-4D3C-A52E-3E24E61C6E2B} - System32\Tasks\{8576B14E-635C-4B11-BF46-828566916692} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {227872E2-C365-4E46-BB70-0E0A329A0131} - System32\Tasks\{AEEC5FEA-4964-43E4-B38A-FD3E109BEE37} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {24F7D27B-20BD-4673-90C9-6E7F237D4D6C} - System32\Tasks\{CB4F2896-9C21-403A-B127-7AF9515BBE21} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {266EA990-56F5-4F8D-8B6F-589C592F8D87} - System32\Tasks\{3006EAE6-D769-4AA0-9A54-19B04DF2B63C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {299FA769-AA1B-4578-B039-A002FAA37C0F} - System32\Tasks\{D0A8A544-2466-48D3-A2D9-6CF7AA90BF6A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2C1E9FA6-9B55-4696-82C1-97505848CC62} - System32\Tasks\{D561BCFC-3B3E-4CE5-9C48-03B99780356D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {33E36C43-594E-483F-968D-013D1A8A4CD4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {348BC2D3-EBC4-42AB-9F44-59213BAE62D2} - System32\Tasks\{249874D2-B1C9-4DC7-AA00-D2B049EA2541} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {34E1DD06-F07B-45A3-AE98-5E5D6F04D1C8} - System32\Tasks\{22771F33-5DD5-4FA5-9A2B-7FDEFDAAA154} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {391C7C80-2F8E-4B26-9C81-546A4CC703A3} - System32\Tasks\{AF49ECC8-1FF1-4C89-8877-D3AED4EB9D29} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4E75F262-FEF6-4B5F-BF7D-01BE19EBA13D} - System32\Tasks\{19FC3153-0A92-4F4B-A99F-C9ABA2DFDC01} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {50ACBDEE-7FBC-4CAF-A8D1-522D6622D849} - System32\Tasks\{01167FF7-EBD1-410E-B570-C65B8006CB02} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {523CE372-6D9C-4007-81C1-7BD51FD5F2DB} - System32\Tasks\{BBDAA678-02CA-4436-8DCA-FA8514C39505} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5504C353-4C09-45B7-9E3E-E058F4D8C0BF} - System32\Tasks\{2B0D0EDC-9FB8-40D4-A2C3-B5BFE0CC1F53} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {55D6BEAD-4561-4740-BB44-29A864A9F6F8} - System32\Tasks\{BA392231-58B1-4214-94CD-36C155CC4E97} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {570F1C0C-2CFB-4078-9488-87B487E3E159} - System32\Tasks\{B3B7FE93-261C-4923-AF5C-00C408E8EAE6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {587A52E1-BC58-453F-B31D-61D4D390B13D} - System32\Tasks\{AAC990F9-3A2E-4703-AA6D-C3A4A6CA5F51} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58C1AE44-135D-4B8C-B800-60F9C6687924} - System32\Tasks\{5DE8D8BB-13A0-4454-BE44-BAF03DA06BF6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {58F3FE2A-DE6F-499C-9D26-A2F6C7AB886E} - System32\Tasks\{A54D0C57-C5D0-4E29-BEB3-CADAA0FD0DB0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {60FBD709-C038-48D7-A067-BCCDF9F81511} - System32\Tasks\{913F3351-5754-4D31-823E-1E20580D08F5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {63DE05B4-D775-41AA-85A3-EBEC4AE24D97} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {66C90E4D-1392-46C6-8FE7-1AB14C2D877C} - System32\Tasks\{7C186B9B-B67F-46C6-A368-A60C6F24F85B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6962AF8A-9BD1-4E54-BA76-32D1CDCE3506} - System32\Tasks\{E483989C-7E6D-40B4-8251-918BD76AB8C1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6A97F3BB-98CE-404D-B9CF-4146C353264C} - System32\Tasks\{A7AFC2C1-1D45-4107-8247-9B4B56E8045F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6AAFD2DC-69E2-4F0C-BD04-E75A41112ED8} - System32\Tasks\{0BA9020C-4F7A-4F93-9F89-FDD40C38E9CA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6C6C5D56-98A8-4203-9519-3FB20ED29694} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6CFAF34B-9CE0-43FE-B806-28159EB0BAD7} - System32\Tasks\{EE47BD74-879C-43F0-9391-6284BF34095A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6F6881F0-3B25-4499-A7BC-FFE5B8B9217A} - System32\Tasks\{109DEE8F-C2B6-405D-AD74-FDF8D790D2B5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {77D2DE5F-3527-46A6-9968-7FDA9B60C7DC} - System32\Tasks\{BC9228D7-982F-4CBE-8738-9153AA4205C4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7914820F-20B4-48B5-99FE-AC8E1BFEE04A} - System32\Tasks\{E9AA7520-FC3A-4EA1-B4C6-CB6C061083CF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EDA1AA7-E47C-49A0-922D-7E09AFC554AD} - System32\Tasks\{2B255C49-9E64-4C59-8BCE-C31EC531D1D2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7EF2126F-05E9-4602-B6C7-8223DC9F80A1} - System32\Tasks\{47397D46-CFB4-48CC-97A3-078486CB13FA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7FBEA9E5-1A82-46C9-A08D-17D5B9DA750E} - System32\Tasks\{F092AF25-2C88-479A-A42D-5A1431C69F1D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83AC4797-54B7-4D04-95DA-38D87FACCC08} - System32\Tasks\{AFF6F41E-FC9B-4FFB-8216-0463AD0F673C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {86456C99-DF69-4B12-9A6C-EB7335850507} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {86C66B62-3D9A-4A18-B8A5-770AC639F70E} - System32\Tasks\{7D412BCF-BCC3-474F-9FB6-74DF95DBBBA9} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {88C87A12-D22B-4CDA-A2DE-981D5FCF7EFD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {897094FF-C05B-4353-AD0F-4AA94FA3B8B4} - System32\Tasks\{26069290-B482-45FB-87D1-20D01578E95F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8CB4E6AF-A41B-4276-A34F-A7ED43C2673D} - System32\Tasks\{41136BC5-7AD2-4278-B3A5-0F38C8B19430} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E17507E-3BBF-4DA2-8F5E-284C2F1096CF} - System32\Tasks\{33B1792C-CD7A-48C2-A0CB-FD5A9675311D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {923BE8F8-FCB1-42E2-901E-B7C32549BB91} - System32\Tasks\{58161606-0679-4D1B-B0A8-8F95A57925DB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {951B034B-15F7-487A-A9AE-FA9D53290469} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {97888C78-931B-4639-A3B4-949FAEBCBE0D} - System32\Tasks\ESTsoft RunAsStdUser 13956130Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
Task: {9845E76E-F1E1-4D79-A82C-436AA59CE056} - System32\Tasks\{CB2A185E-9E1D-447D-9304-C4F8A6EB7AB6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D512684-C235-45E1-B839-5BAD68601E6D} - System32\Tasks\{BF84DDEF-17D8-4E7F-8360-B3AEEC843D4F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9D694E75-36D4-4F1C-AFC2-617EE9EA55F5} - System32\Tasks\{9BE280A0-C1D2-4790-9E3B-0B7B5B214F1F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A106E5C3-6B0A-485B-95F4-77AA07354D22} - System32\Tasks\{ADDA7E9B-C494-4596-AC26-172F8F070537} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A19B571E-3D98-4B7B-947E-D1B3F0A16E16} - System32\Tasks\{4565AE61-6D16-4218-A319-6AE82C9889C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A538BA99-E8F2-40F0-83FC-B8443EB36264} - System32\Tasks\{BABE07E1-AC3D-4C3E-9299-3ED866B08DA5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A6828F60-3541-4F1F-B7DE-C500EB78264E} - System32\Tasks\{894BBCBE-5D5F-463B-A4AD-BA0A5D457A35} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A9D50511-9116-427D-A9E1-E45C5155EF05} - System32\Tasks\{DB441232-02FE-40A6-8727-76989185FD26} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AA0418A4-F211-4999-B9DC-2F568FA107E6} - System32\Tasks\{BD14321C-7945-4711-9CE5-AC048BD024FC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AAF4B297-F7B7-4CF9-B00A-28CD2409D5C1} - System32\Tasks\{CE686764-6487-4D94-955F-B0A1AD6311F1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABAAA8F6-3BCC-495A-8542-7A52D263EC03} - System32\Tasks\{74C66739-DB18-4A09-BEF6-BD07C5E42630} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B933231D-8ECA-4DE6-8EB1-F25F478B0F0D} - System32\Tasks\{29EB7EC0-610B-492D-AE41-BB7BC77BBA8B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B9355C7E-0414-4364-A545-9CFD07C5AB93} - System32\Tasks\{67656875-8FF7-45D0-9B9C-B935DC0A3B99} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BAD6127F-DA5B-499F-A762-0F3878DB8518} - System32\Tasks\{9DAA7BA6-E4D0-484A-BBCC-CC97E11D1064} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BC888F8E-77F6-4E51-9760-1B0CFFEF58A6} - System32\Tasks\{2C24AF76-7016-4308-BACC-19633B0DE882} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C305FB85-5FBC-4270-BED5-252B6BD2A379} - System32\Tasks\{E13B99C4-DADA-4BA0-A2EA-A630F074A73E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C8321C3B-BCCC-4197-B5AE-AF634EB78E57} - System32\Tasks\{3BEE7C77-9EE7-4EBC-9645-DB03B85251CB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DA37B859-6CF0-4681-BCA1-58F5FB44EAC3} - System32\Tasks\{1D448051-C7CE-45E1-9958-9144E5D0238B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E08298BF-6509-44C0-89B8-FFB46654BA28} - System32\Tasks\{B9DF42DC-8DBE-4B35-9A35-B37417B84FBF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E3B66D5E-B5D4-4362-A390-4AD360E1CA7F} - System32\Tasks\{D7F30625-EC9F-41D8-9F4A-05086D937DD6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E4E0ABB4-A4EB-4F45-A5B8-DFB20C16A902} - System32\Tasks\{7F41E535-FCC2-4689-954B-DBF2EAEE989B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EA3FA594-C5AE-401D-B46B-383A132A11B5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software)
Task: {ECDDA82D-B8CB-4FB8-B7B7-1032A7E28721} - System32\Tasks\{F6214170-A254-44AE-9B03-554FC2A1AC41} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EF82450D-9FEA-4A41-8814-39B1478DB095} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1212337627-971504644-1430933440-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F00C3D0A-4C75-4DCB-A30E-EB9A485179A2} - System32\Tasks\{C270808F-23A4-4CBA-80DF-99D169A0C119} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F2445EE1-F5D5-4745-A638-25EFF5045E5B} - System32\Tasks\{4646FE01-8E8A-4144-BF7C-FDCE2314C62F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6F80E92-2432-4245-BF48-3FAA2F131547} - System32\Tasks\{68627B48-73BD-434C-8CAC-62506298D7E4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8787AB1-D908-411C-A623-F79FC8022F6C} - System32\Tasks\{090A20F8-1ACF-4472-9048-4EBAEB5E8E52} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F9D977FB-FE0B-4BAA-8FDD-7F8F3496EB54} - System32\Tasks\{CED677EA-BB9C-4F0C-806E-A9155E01838F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-07 13:24 - 2007-02-09 10:41 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll
2011-06-07 23:09 - 2011-06-07 23:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-24 09:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-10-12 02:29 - 2013-10-12 02:29 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-11-24 08:49 - 2010-10-25 13:43 - 00015400 _____ () C:\Program Files\CapsLK OSD\64\COKHOOK.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-11-30 12:29 - 2014-11-30 12:29 - 00043008 _____ () c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabtb9n.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xprint-client.lnk => C:\windows\pss\xprint-client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wuala.lnk => C:\windows\pss\Wuala.lnk.Startup
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Lena\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lena\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
========================= Accounts: ==========================
Administrator (S-1-5-21-1212337627-971504644-1430933440-500 - Administrator - Disabled)
Gast (S-1-5-21-1212337627-971504644-1430933440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1212337627-971504644-1430933440-1003 - Limited - Enabled)
Lena (S-1-5-21-1212337627-971504644-1430933440-1001 - Administrator - Enabled) => C:\Users\Lena
Xcalibur_System (S-1-5-21-1212337627-971504644-1430933440-1004 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/30/2014 00:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2014 00:23:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/30/2014 00:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 61c
Startzeit: 01d00c8ebbc6d7d5
Endzeit: 47
Anwendungspfad: C:\windows\Explorer.EXE
Berichts-ID: 0d28f24b-7883-11e4-ab1b-f0def1a76e65
Error: (11/30/2014 00:19:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/30/2014 00:13:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 03:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 02:02:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/28/2014 01:59:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1294
Startzeit: 01d00b0ad6edc5c0
Endzeit: 80
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (11/28/2014 01:56:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 08:55:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (11/30/2014 00:28:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/30/2014 00:27:21 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.189.853.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (11/30/2014 00:27:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/30/2014 00:11:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/28/2014 03:35:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/28/2014 03:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/28/2014 02:41:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/28/2014 02:04:14 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.
Error: (11/28/2014 01:54:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/28/2014 01:53:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (11/30/2014 00:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2014 00:23:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
Error: (11/30/2014 00:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756761c01d00c8ebbc6d7d547C:\windows\Explorer.EXE0d28f24b-7883-11e4-ab1b-f0def1a76e65
Error: (11/30/2014 00:19:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/30/2014 00:13:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 03:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 02:02:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (11/28/2014 01:59:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17420129401d00b0ad6edc5c080C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (11/28/2014 01:56:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/28/2014 08:55:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
==================== Memory info ===========================
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 3688.67 MB
Available physical RAM: 1382.33 MB
Total Pagefile: 13375.52 MB
Available Pagefile: 11257.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:421.81 GB) (Free:123.27 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9DA6949F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
==================== End Of Log ============================
|
|
30.11.2014, 17:53
| #8 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport" Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.12.2014, 16:34
| #9 |
| | Malware und Adware Befall nach Installation von "StreamTransport" OTL: Code:
ATTFilter OTL logfile created on: 01.12.2014 16:13:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lena\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17420) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.60 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 45.21% Memory free 13.06 Gb Paging File | 10.58 Gb Available in Paging File | 80.98% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6000 12000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421.81 Gb Total Space | 121.84 Gb Free Space | 28.89% Space Free | Partition Type: NTFS Drive D: | 29.00 Gb Total Space | 7.38 Gb Free Space | 25.44% Space Free | Partition Type: NTFS Computer Name: LENA-PC | User Name: Lena | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Lena\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - c:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe (Thermo Electron Corporation) PRC - c:\Program Files\Xcalibur\system\programs\finSS_Server.exe (Thermo Electron Corporation) PRC - c:\Program Files\Xcalibur\system\programs\CFRDBService.exe (Thermo Electron Corporation) ========== Modules (No Company Name) ========== MOD - c:\users\lena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdcfcqw.dll () MOD - C:\Users\Lena\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Users\Lena\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Lena\AppData\Roaming\Thunderbird\Profiles\haek98nc.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (FlexNet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (Flexera Software LLC) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (NitroDriverReadSpool8) -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nitro PDF Software) SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (FinAutoLogOff) -- c:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe (Thermo Electron Corporation) SRV:64bit: - (Finnigan Security Server) -- c:\Program Files\Xcalibur\system\programs\finSS_Server.exe (Thermo Electron Corporation) SRV:64bit: - (CFRDBService) -- c:\Program Files\Xcalibur\system\programs\CFRDBService.exe (Thermo Electron Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe (Google Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (XPrint-Client-Service) -- C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe (Schomäcker GmbH) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories) DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation) DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo) DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (zghsmdm) -- C:\Windows\SysNative\drivers\zghsmdm.sys (ZTE Incorporated) DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (HandSet Incorporated) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw66xxx) -- C:\Windows\SysNative\drivers\hcw66x64.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Wikipedia (de)" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: images%40snark.co.il:1000.89.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=13.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=13.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found [2012.02.01 23:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Extensions [2014.11.28 13:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\uqdgewfi.default\extensions [2014.11.25 09:01:45 | 000,000,000 | ---D | M] (imagessnarkcoil) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\uqdgewfi.default\extensions\images@snark.co.il [2014.11.28 13:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\uqdgewfi.default\extensions\staged [2012.07.25 11:45:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\uqdgewfi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.22 00:36:42 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\uqdgewfi.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014.11.28 13:32:01 | 000,801,883 | ---- | M] () (No name found) -- C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\uqdgewfi.default\extensions\staged\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014.06.12 08:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.24 12:47:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.03 08:18:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ChemDraw Pro Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npcdp32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1027.0.1_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.0.0.7_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\39.0.2171.46_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk\6.0_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf\10804.5863.4374_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: No name found = C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba\1.0.0.26_0\ O1 HOSTS File: ([2013.12.19 16:20:20 | 000,000,990 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 secure.tune-up.com O1 - Hosts: 127.0.0.1 order.tune-up.com O1 - Hosts: 127.0.0.1 tune-up.com O1 - Hosts: 127.0.0.1 tune-up.com/order O1 - Hosts: 127.0.0.1 registertuneup.com O1 - Hosts: 127.0.0.1 tuneup.de O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE (Wistron Corp.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2) O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: NameServer = 134.106.40.3,134.106.49.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E9270B2-9736-47F1-AD8E-CCD94EC2CF51}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O27:64bit: - HKLM IFEO\btwuiext.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\effectextractor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\btwuiext.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\effectextractor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{23d88e2a-447e-11e4-87cc-f0def1a76e65}\Shell - "" = AutoRun O33 - MountPoints2\{23d88e2a-447e-11e4-87cc-f0def1a76e65}\Shell\AutoRun\command - "" = F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083 O33 - MountPoints2\{3fe04515-d644-11e1-ac8e-f0def1a76e65}\Shell - "" = AutoRun O33 - MountPoints2\{3fe04515-d644-11e1-ac8e-f0def1a76e65}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{3fe04581-d644-11e1-ac8e-f0def1a76e65}\Shell - "" = AutoRun O33 - MountPoints2\{3fe04581-d644-11e1-ac8e-f0def1a76e65}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{43d7657b-4fda-11e1-a7cf-f0def1a76e65}\Shell - "" = AutoRun O33 - MountPoints2\{43d7657b-4fda-11e1-a7cf-f0def1a76e65}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{43d765bf-4fda-11e1-a7cf-f0def1a76e65}\Shell - "" = AutoRun O33 - MountPoints2\{43d765bf-4fda-11e1-a7cf-f0def1a76e65}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{82f4e8e7-8611-11e1-bcf1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{82f4e8e7-8611-11e1-bcf1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ab275ee6-4e9f-11e1-ab3c-f0def1a76e65}\Shell - "" = AutoRun O33 - MountPoints2\{ab275ee6-4e9f-11e1-ab3c-f0def1a76e65}\Shell\AutoRun\command - "" = G:\Windows\CHECK\DriveNavigator.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.11.25 19:45:44 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2014.11.25 11:43:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2014.11.25 11:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.11.25 11:42:47 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys [2014.11.25 11:42:47 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys [2014.11.25 11:42:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2014.11.25 11:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.11.25 11:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.11.25 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Virus [2014.11.25 10:17:38 | 000,000,000 | ---D | C] -- C:\FRST [2014.11.25 10:14:31 | 000,000,000 | -HSD | C] -- C:\Users\Lena\AppData\Local\EmieBrowserModeList [2014.11.24 08:29:42 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2014.11.24 08:29:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2014.11.21 13:39:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.11.14 12:57:55 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2014.11.14 12:57:55 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2014.11.14 12:57:55 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2014.11.14 12:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014.11.13 08:40:52 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2014.11.13 08:40:52 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2014.11.13 08:40:49 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2014.11.13 08:40:35 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2014.11.13 08:40:35 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll [2014.11.13 08:40:35 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll [2014.11.13 08:40:34 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll [2014.11.13 08:40:34 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll [2014.11.13 08:40:21 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2014.11.13 08:40:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll [2014.11.13 08:40:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2014.11.13 08:40:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2014.11.13 08:40:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2014.11.13 08:40:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2014.11.13 08:40:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2014.11.13 08:40:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll [2014.11.13 08:40:19 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2014.11.13 08:40:16 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2014.11.13 08:40:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2014.11.13 08:40:15 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2014.11.13 08:40:14 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2014.11.13 08:40:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll [2014.11.13 08:40:13 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2014.11.13 08:40:13 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2014.11.13 08:40:12 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2014.11.13 08:40:12 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2014.11.13 08:40:12 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2014.11.13 08:40:11 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2014.11.13 08:40:11 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2014.11.13 08:40:10 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2014.11.13 08:40:08 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2014.11.13 08:40:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2014.11.13 08:40:06 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2014.11.13 08:40:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2014.11.13 08:40:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2014.11.13 08:40:05 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2014.11.13 08:40:03 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2014.11.13 08:40:03 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2014.11.13 08:40:03 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2014.11.13 08:40:02 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2014.11.13 08:40:02 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2014.11.13 08:40:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2014.11.13 08:40:01 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2014.11.13 08:39:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2014.11.13 08:39:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2014.11.13 08:39:00 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IMJP10K.DLL [2014.11.13 08:38:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IMJP10K.DLL [2014.11.13 08:38:42 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2014.11.13 08:38:24 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll [2014.11.13 08:38:24 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll [2014.11.13 08:38:23 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll [2014.11.13 08:38:23 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll [2014.11.13 08:38:23 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll [2014.11.13 08:38:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll [2014.11.13 08:38:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll [2014.11.13 08:38:08 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll [2014.11.13 08:37:56 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2014.11.13 08:32:38 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\an pascal [2014.11.13 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Kram [2014.11.09 01:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2014.11.09 01:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2014.11.09 00:14:07 | 006,623,232 | ---- | C] (© onlinetvrecorder.com) -- C:\Users\Lena\Desktop\2009Decoder.exe [2014.11.01 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Lena\Desktop\Jan [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Lena\Desktop\*.tmp files -> C:\Users\Lena\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.12.01 16:09:20 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.12.01 16:09:20 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.12.01 16:06:38 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2014.12.01 16:05:40 | 022,886,328 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2014.12.01 16:05:40 | 000,654,480 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2014.12.01 16:05:40 | 000,122,352 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2014.12.01 16:05:39 | 007,280,312 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2014.12.01 16:05:39 | 000,782,552 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2014.12.01 16:02:13 | 000,130,817 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2014.12.01 16:01:44 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2014.12.01 16:01:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2014.12.01 16:01:03 | 2900,889,600 | -HS- | M] () -- C:\hiberfil.sys [2014.11.30 13:57:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2014.11.26 15:57:40 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2014.11.26 15:57:39 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2014.11.25 19:20:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2014.11.25 10:15:28 | 000,000,168 | ---- | M] () -- C:\Users\Lena\defogger_reenable [2014.11.21 13:20:08 | 000,001,465 | ---- | M] () -- C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk [2014.11.16 16:22:17 | 1356,902,800 | ---- | M] () -- C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi [2014.11.16 06:48:12 | 000,001,047 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.11.14 12:11:18 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2014.11.14 12:11:10 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2014.11.14 12:11:10 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2014.11.14 12:11:09 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2014.11.13 15:29:57 | 000,466,800 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2014.11.13 09:23:06 | 000,084,029 | ---- | M] () -- C:\Users\Lena\Desktop\IC.pdf [2014.11.13 09:22:16 | 000,060,956 | ---- | M] () -- C:\Users\Lena\Desktop\IC2005.pdf [2014.11.06 05:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll [2014.11.06 04:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2014.11.06 04:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2014.11.06 04:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll [2014.11.06 04:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2014.11.06 04:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2014.11.06 04:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2014.11.06 04:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2014.11.06 04:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2014.11.06 04:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2014.11.06 04:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2014.11.06 04:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2014.11.06 04:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2014.11.06 04:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2014.11.06 04:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2014.11.06 04:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll [2014.11.06 04:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2014.11.06 04:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2014.11.06 04:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2014.11.06 04:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2014.11.06 03:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2014.11.06 03:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2014.11.06 03:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2014.11.06 03:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2014.11.06 03:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2014.11.06 03:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2014.11.06 03:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2014.11.06 03:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2014.11.06 03:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2014.11.06 03:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2014.11.06 03:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2014.11.06 03:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2014.11.06 02:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2014.11.06 02:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2014.11.05 18:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2014.11.05 18:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2014.11.05 18:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Lena\Desktop\*.tmp files -> C:\Users\Lena\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.11.25 11:31:53 | 000,001,465 | ---- | C] () -- C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk [2014.11.25 10:15:28 | 000,000,168 | ---- | C] () -- C:\Users\Lena\defogger_reenable [2014.11.16 16:21:14 | 1356,902,800 | ---- | C] () -- C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi [2014.11.13 09:23:06 | 000,084,029 | ---- | C] () -- C:\Users\Lena\Desktop\IC.pdf [2014.11.13 09:22:14 | 000,060,956 | ---- | C] () -- C:\Users\Lena\Desktop\IC2005.pdf [2014.11.09 01:41:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2014.09.25 15:28:54 | 000,584,584 | ---- | C] () -- C:\windows\adb.exe [2014.07.14 14:30:39 | 000,009,525 | ---- | C] () -- C:\Users\Lena\gtplot_conf.gtc [2014.04.02 09:34:37 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2013.10.04 11:43:59 | 001,391,616 | ---- | C] () -- C:\windows\SysWow64\ActPDF.dll [2013.04.04 22:57:31 | 000,023,152 | ---- | C] () -- C:\Users\Lena\13c.pdf [2012.11.04 16:47:37 | 000,001,757 | ---- | C] () -- C:\Users\Lena\.swfinfo [2012.02.08 22:25:57 | 000,011,205 | ---- | C] () -- C:\Users\Lena\gsview64.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.12.2014 16:13:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.60 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 45.21% Memory free
13.06 Gb Paging File | 10.58 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6000 12000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 121.84 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 7.38 Gb Free Space | 25.44% Space Free | Partition Type: NTFS
Computer Name: LENA-PC | User Name: Lena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0269D9B2-046E-4C96-8DD2-3C6EC0C4B999}" = rport=445 | protocol=6 | dir=out | app=system |
"{04BF49DF-C80B-4259-A12E-2968F40153A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08961CF6-FEB7-4EDF-B9F3-FEE16634A604}" = lport=138 | protocol=17 | dir=in | app=system |
"{199E68A0-5EB3-432C-A951-55C254038285}" = lport=137 | protocol=17 | dir=in | app=system |
"{1A0488EF-E2A2-4255-BBD4-4117DB5C7CD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27DDFD28-DC3C-4B34-8825-1B49C5F211EE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{38A2BE54-3D93-455B-ACC4-FB000E6234B3}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B0C3EBB-2E1F-4FF0-BE57-CAD3AFBDE590}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4163B87F-A570-4071-907C-A7261CFD08D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{48F71806-2392-4803-B49F-DADF2A3E2C51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B75584F-9566-4BAF-A14C-A6E9C942D206}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4D1BBC13-B0CD-43A3-B8EE-6244E27C5F89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D539AD1-FA6D-47F9-B2D3-BA3B38AC9308}" = lport=445 | protocol=6 | dir=in | app=system |
"{626C5E56-E582-490F-8FDD-C26F3783A5C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68AD3D72-D796-4FF2-86D5-F1AD63FF7716}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7265D3BC-66B2-46A4-8B5B-0DCC024311BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A2C72A5-0A42-4519-96E6-7714100B1A2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{974A6855-5943-49A9-BA36-177BDCD2815F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9A8B4DDA-D095-4A98-B11D-B09DCE751BFF}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5E285B1-4CCC-4BB9-A811-CB45772779D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C1DAB465-6259-4201-9BF5-572C9EEA2565}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DFD5B443-4FD8-4ADE-8269-80418AC50D5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9853909-B8F9-4614-BA3A-A1F98F174B8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC13FF34-9F88-4C04-8457-35C7DDF0BDAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ECF2A81B-7CE8-4E3E-A1D9-CB656D2BDA7E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F690FF56-7448-4294-9406-0491EDA79C40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14A9C98F-C768-4B61-A53C-332C619F3D91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17497A9A-75AF-4C1A-9954-3749F0651B5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17A74CCB-AFC9-41DA-856A-DF5152B11C5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1B397378-5590-4DC8-A57F-4BAF0F4263FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E751B2C-8677-4430-ABD3-5EB313C2489B}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\39.0.2171.46\remoting_host.exe |
"{216ABE98-200F-441B-BCD9-BE6E8530F3A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2B8AAF9D-CD04-4B09-9B90-1B886F1A4E65}" = protocol=6 | dir=out | app=system |
"{4520EE7E-7FD2-4E80-A548-499FDFA91767}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4F105D20-9B7C-46B8-9D7A-68C7DD1D85C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60AB2E9C-2364-44C3-A8B2-FB541F1E6D2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61BA5E02-D47D-4CCD-9012-FE096996EDBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75455C56-87E8-43D9-8B42-6F2AB47074BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A7F390C-4834-4E46-B765-CC668C70E65D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7D688D00-7F25-4968-9134-4F6404EDFF41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B62A122-2756-41E1-8A37-4C042E0B2873}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{99ABC7D8-E59F-4207-9746-3BA3735EAA47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F163A0C-E24B-4538-B886-C5125EDCC014}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0CCBC56-8EA6-432E-ACBA-8E4A7AE92BBB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2AD53A8-DFCE-459B-ABDC-35A19FC54158}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4D3EDEF-78B9-434C-8FF8-3A8F7DF44C87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA3C05DD-94AA-4C70-B3E0-340CF041D106}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA61CB08-E185-43D9-948F-7ACD223A54B5}" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe |
"{DF43B602-D312-4673-80F7-4CF5F171E554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7BAAE61-3FEE-4E3B-B7D6-49CAB515E35A}" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe |
"{EF9C3C3F-623A-402A-B009-B4997C6B3A0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2452511-AACB-4413-8BDF-8033FFC2A15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA4A7915-5069-45D4-A729-FA4DBC60E587}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{22C8B835-5C69-4D8E-AB52-8F311E0535F8}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{26332CA1-6565-4097-85F1-6D01D5A1F091}C:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe |
"TCP Query User{2EE7E169-C9F8-451C-8667-345B80DEAB7A}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{37AD13A4-D434-474A-9394-9C24B0ACC2E2}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{69F4F18B-ACA5-4A30-9D32-DD42B9C85104}C:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe |
"TCP Query User{83691E7A-1D2F-4CE8-A78C-FAD281FD7A8B}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe |
"TCP Query User{8A37B2F7-CBEB-4936-88F5-A0ADB09549C3}C:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{96DD4505-A280-4DF2-8CB8-83307789D884}C:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe |
"TCP Query User{9F1B8149-0B79-46E4-87FB-23776A32C35F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{A17914DF-D4A4-4AE1-B49E-E3B7C80DEFC4}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe |
"UDP Query User{09981713-AB32-42AC-BEDB-E86F7276C518}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe |
"UDP Query User{1A06C615-26BE-45FA-A7B7-EFCCB5141CB9}C:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{477CEF49-82DA-494B-A7F5-3AB2F31F665F}C:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemdraw\chemdraw.exe |
"UDP Query User{53658244-83CA-4863-B0F0-D447B771EB09}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6C155CDF-A8D2-4E5E-A101-85E9C5F124F7}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{A7BBD358-CBF1-43DF-BF35-6E547410D920}C:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chem3d\chem3d.exe |
"UDP Query User{B4B3183A-425B-430E-9D88-62162C3BECCD}C:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2012\chemfinder\cfword.exe |
"UDP Query User{F65DE317-FB9C-4DFE-8845-7D7747952B02}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{FA7B9FF8-873C-42E0-98B7-D972B44DB185}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{FD2C6614-CE2F-4EE6-AE47-63057C3F09BA}C:\users\lena\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\lena\appdata\roaming\wuala\wuala.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{247DC663-8C19-AF97-13B4-56C113B48631}" = ccc-utility64
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}" = 64 Bit HP CIO Components Installer
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3D46565E-4D02-11E3-A75C-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{431FAEB0-4D02-11E3-9F31-F04DA23A5C58}" = MSVCRT Redists
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{83E198D6-F0DB-FC52-D3B7-C131C53356E6}" = AMD Fuel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-041A-1000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-041A-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2010
"{90140000-0017-0407-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-041A-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-041A-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-041A-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-041A-1000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-041A-1000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-081A-1000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-041A-1000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-041A-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Croatian) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-041A-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-041A-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-041A-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-041A-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2010
"{90140000-0100-0407-1000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-041A-1000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2010
"{90140000-0101-0407-1000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-041A-1000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{BE422014-ABDB-01EB-5E76-92FEE6476929}" = ATI AVIVO64 Codecs
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CE94C252-25AD-41A0-97B6-DD4F0E886F26}" = Nitro Pro 8
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D119A8C4-21EE-9FE3-F63F-2A18FFA66B02}" = ATI Catalyst Install Manager
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = Handset USB Driver
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8F838B2-21E2-D6B9-34BE-453FEE7E5F11}" = AMD Media Foundation Decoders
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179" = Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (10/18/2013 6.6.1.0)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.OMUI.hr-hr" = Microsoft Office Language Pack 2010 - Croatian/Hrvatski
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Geochemist's Workbench® Student" = The Geochemist's Workbench® Student (64-bit)
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DBD331-3B99-63BB-7C7F-742905F2BB3A}" = Catalyst Control Center Localization All
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{17B22CEC-41F3-BCDB-C8B6-169A8BABD435}" = CCC Help Finnish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2E1939D4-5B77-5A56-9162-FD67006E45E0}" = AMD VISION Engine Control Center
"{2E6EE352-C3CB-49F3-8E8F-7D2ECD851025}" = Xcalibur
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30755F85-0FC1-C72B-2F48-3A41B99EA46C}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{400C239A-BE90-C8AC-1E42-EF0FCAD0CE52}" = CCC Help Chinese Standard
"{48052BE2-70BD-9BF8-B516-1B8BA94607F1}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9E79C2-18DB-CBCB-6949-3FA1122FAD42}" = Catalyst Control Center Graphics Previews Common
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E396741-EAF9-4E21-9B4F-B16DEFA531A6}" = Catalyst Control Center - Branding
"{4E39C7C1-DF0C-B33D-98B5-6DEF133A7987}" = CCC Help French
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{54FAAC74-75CA-95D0-5B75-BCF680CC95E9}" = CCC Help Russian
"{57FFA83D-5264-02C6-D418-226D066B6D43}" = CCC Help Greek
"{5C929F95-5B3A-DA3F-8E6E-DD49D5B662D7}" = Catalyst Control Center Profiles Mobile
"{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1" = Vokabel Trainer 5
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D29B8FC-C40D-69DA-D663-602E7858E5E5}" = CCC Help Hungarian
"{6DD38FB3-98C5-A504-1761-75A9338DF1BA}" = CCC Help Czech
"{6F7ECDE7-894D-7A94-AC32-BAE0AF13AC6C}" = CCC Help Korean
"{6FED8283-F73E-042D-5013-38A5BF7488A5}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D13A8A-5D91-3B26-A6F1-F8848310B711}" = CCC Help Japanese
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{838AB498-9AB6-242C-5EED-14B98E65E5F0}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}" = Chrome Remote Desktop Host
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}" = EndNote X7
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}" = CambridgeSoft ChemBioDraw Ultra 13.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A119FE0-D74C-6E6D-F2B7-F3FE80B7D356}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC326E6-650B-4287-6A8E-C4B2A41C8FE3}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4DE1B70-4A3F-0B79-036E-D56D794B8D11}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = Origin 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AFDE6AB3-BFFD-1411-262E-E7E364D6424D}" = CCC Help Norwegian
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1646873-447F-F477-CEEF-8F0A4BD59BF2}" = CCC Help Turkish
"{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}" = CapsLK OSD
"{BBD1BADF-F0DC-DA01-A774-A555F20907AD}" = CCC Help Dutch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE173E5-F9A6-1657-EF62-8E7679D5B05F}" = CCC Help Polish
"{D031A9FA-9B49-C572-B0E6-810EA5C94D10}" = CCC Help German
"{D049112D-1A05-497C-A82E-3E2402FDA943}" = Origin8
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D26F58B7-92C6-CB25-88CA-B0798494052A}" = CCC Help English
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEA566C9-30BA-FB13-D443-4E3D0AB8EB01}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA594E28-547D-4FB5-AED8-3628EFB1474D}" = TuneUp Utilities 2014 (de-DE)
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Sims 4 Digital Deluxe Edition MULTi2 1.0" = Die Sims 4 Digital Deluxe Edition MULTi2 1.0
"GCDkit_is1" = Geochemical Data Toolkit (GCDkit) version 3.00
"Google Chrome" = Google Chrome
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"KaleidaGraph 4.0" = KaleidaGraph 4.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.3.1025
"Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Trillian" = Trillian
"TuneUp Utilities" = TuneUp Utilities 2014
"VLC media player" = VLC media player 2.1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
"Xcalibur" = Xcalibur
"X-Print Client Uni Oldenburg_is1" = X-Print 4.0 Client
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wuala" = Wuala
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.11.2014 10:34:28 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.11.2014 07:13:32 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.11.2014 07:19:27 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.11.2014 07:21:44 | Computer Name = Lena-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 61c Startzeit: 01d00c8ebbc6d7d5 Endzeit: 47 Anwendungspfad:
C:\windows\Explorer.EXE Berichts-ID: 0d28f24b-7883-11e4-ab1b-f0def1a76e65
Error - 30.11.2014 07:23:52 | Computer Name = Lena-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 30.11.2014 07:30:04 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.11.2014 07:36:06 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.11.2014 08:15:22 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 01.12.2014 11:02:53 | Computer Name = Lena-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2014 11:05:39 | Computer Name = Lena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
[ System Events ]
Error - 28.11.2014 09:04:14 | Computer Name = Lena-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 28.11.2014 09:41:52 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description =
Error - 28.11.2014 10:32:41 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.11.2014 10:35:10 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description =
Error - 30.11.2014 07:11:46 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 30.11.2014 07:27:17 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description =
Error - 30.11.2014 07:27:21 | Computer Name = Lena-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.189.853.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.11202.0 Fehlercode:
0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 30.11.2014 07:28:15 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 30.11.2014 09:41:22 | Computer Name = Lena-PC | Source = DCOM | ID = 10010
Description =
Error - 01.12.2014 11:01:03 | Computer Name = Lena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
< End of report >
|
|
02.12.2014, 12:06
| #10 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport" Irgendwie versteh ich das gerade nicht. Poste bitte nochmal ein frisches FRST Log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.12.2014, 13:18
| #11 |
| | Malware und Adware Befall nach Installation von "StreamTransport"Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Lena (administrator) on LENA-PC on 02-12-2014 13:03:51
Running from C:\Users\Lena\Downloads
Loaded Profile: Lena (Available profiles: Lena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\CFRDBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Program Files\Xcalibur\system\programs\finSS_Server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\64\Capsosd.exe
(Dropbox, Inc.) C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] => C:\windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE [3699752 2010-10-25] (Wistron Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {23d88e2a-447e-11e4-87cc-f0def1a76e65} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04515-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {3fe04581-d644-11e1-ac8e-f0def1a76e65} - E:\Startme.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d7657b-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {43d765bf-4fda-11e1-a7cf-f0def1a76e65} - E:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {82f4e8e7-8611-11e1-bcf1-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\...\MountPoints2: {ab275ee6-4e9f-11e1-ab3c-f0def1a76e65} - G:\Windows\CHECK\DriveNavigator.exe
IFEO\btwuiext.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {8C253AA9-4BE6-4BBE-AB53-B530F0B00EA0} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52051;https=127.0.0.1:52051
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1212337627-971504644-1430933440-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1212337627-971504644-1430933440-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78766EAF-1FF5-492F-97B3-AB9B54FB7625}: [NameServer] 134.106.40.3,134.106.49.2
FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: imagessnarkcoil - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\images@snark.co.il [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-05]
FF Extension: Tab Mix Plus - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\uqdgewfi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Google Cast) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-22]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-05-01]
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-12]
CHR Extension: (Wikipedia Search) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2012-09-12]
CHR Extension: (macpddegmcklbbnbdemccckkmhaegdlf) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-09-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 CFRDBService; c:\program files\Xcalibur\system\programs\CFRDBService.exe [335923 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 FinAutoLogOff; c:\program files\Xcalibur\system\programs\FinAutoLogOff.exe [86068 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 Finnigan Security Server; c:\program files\Xcalibur\system\programs\finSS_Server.exe [65536 2006-06-22] (Thermo Electron Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-04-30] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [121856 2012-10-21] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 XPrint-Client-Service; C:\Program Files (x86)\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [1501184 2008-09-30] (Schomäcker GmbH) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [753408 2009-06-03] (Hauppauge Computer Works, Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 13:03 - 2014-12-02 13:03 - 00000000 ____D () C:\Users\Lena\Downloads\FRST-OlderVersion
2014-12-01 16:32 - 2014-12-01 16:32 - 00085166 _____ () C:\Users\Lena\Downloads\Extras.Txt
2014-12-01 16:31 - 2014-12-01 16:31 - 00109642 _____ () C:\Users\Lena\Downloads\OTL.Txt
2014-12-01 16:26 - 2014-12-01 16:26 - 00080508 _____ () C:\Users\Lena\Desktop\bookmarks_chrome01.12.14.html
2014-12-01 16:12 - 2014-12-01 16:12 - 00602112 _____ (OldTimer Tools) C:\Users\Lena\Downloads\OTL.exe
2014-11-30 12:33 - 2014-11-30 12:34 - 00047199 _____ () C:\Users\Lena\Downloads\Addition.txt
2014-11-30 12:30 - 2014-12-02 13:04 - 00022756 _____ () C:\Users\Lena\Downloads\FRST.txt
2014-11-30 12:23 - 2014-12-02 13:03 - 02117120 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-11-27 15:38 - 2014-11-27 15:38 - 00854414 _____ () C:\Users\Lena\Downloads\SecurityCheck.exe
2014-11-27 10:56 - 2014-11-27 11:01 - 00004230 _____ () C:\Users\Lena\Act2_output.txt
2014-11-27 08:46 - 2014-11-27 08:46 - 02347384 _____ (ESET) C:\Users\Lena\Downloads\esetsmartinstaller_deu.exe
2014-11-25 19:45 - 2014-11-25 19:45 - 00000000 ____D () C:\windows\ERUNT
2014-11-25 19:44 - 2014-11-25 19:44 - 01707532 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-11-25 11:43 - 2014-11-25 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-25 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-25 11:31 - 2014-11-21 13:20 - 00001465 _____ () C:\Users\Lena\Desktop\Internet Explorer (No Add-ons).lnk
2014-11-25 11:26 - 2014-12-01 16:32 - 00000000 ____D () C:\Users\Lena\Desktop\Virus
2014-11-25 10:27 - 2014-11-25 10:27 - 00380416 _____ () C:\Users\Lena\Downloads\Gmer-19357.exe
2014-11-25 10:17 - 2014-12-02 13:04 - 00000000 ____D () C:\FRST
2014-11-25 10:15 - 2014-11-25 10:15 - 00000168 _____ () C:\Users\Lena\defogger_reenable
2014-11-25 10:14 - 2014-11-25 10:14 - 00000000 __SHD () C:\Users\Lena\AppData\Local\EmieBrowserModeList
2014-11-25 10:12 - 2014-11-25 10:12 - 01029608 _____ () C:\Users\Lena\Downloads\Setup v2 1.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 00175910 _____ () C:\Users\Lena\Downloads\unterbrochene_yachse.zip
2014-11-21 13:59 - 2014-11-21 13:59 - 02140160 _____ () C:\Users\Lena\Downloads\adwcleaner_4.101 (1).exe
2014-11-21 13:41 - 2014-11-21 13:43 - 00000557 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net15754379.f4f
2014-11-21 13:41 - 2014-11-21 13:41 - 01742260 _____ () C:\Users\Lena\Downloads\neomagazin141120.flv
2014-11-21 13:39 - 2014-11-28 13:52 - 00000000 ____D () C:\AdwCleaner
2014-11-21 13:18 - 2014-11-21 13:18 - 00003146 _____ () C:\windows\System32\Tasks\{C588A2D1-8070-4EFA-B632-BE83B414FE31}
2014-11-21 12:31 - 2014-11-21 13:54 - 01740800 _____ () C:\Users\Lena\Downloads\zdf_hdflash_none-f.akamaihd.net11589865.f4f
2014-11-21 12:29 - 2014-11-21 12:29 - 00000000 ____D () C:\Users\Lena\Downloads\streamtransport_1.1.6.2
2014-11-21 12:28 - 2014-11-21 12:29 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2 (1).zip
2014-11-21 12:28 - 2014-11-21 12:28 - 17805707 _____ () C:\Users\Lena\Downloads\streamtransport_1.1.6.2.zip
2014-11-19 15:33 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 15:33 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 15:33 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-16 16:21 - 2014-11-16 16:22 - 1356902800 _____ () C:\Users\Lena\Desktop\Gute_Zeiten_schlechte_Zeiten_14.11.15_10-10_rtl_155_TVOON_DE.mpg.avi
2014-11-14 13:49 - 2014-11-14 13:50 - 03462033 _____ () C:\Users\Lena\Downloads\pci_4filerecovery.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 12:57 - 2014-11-14 12:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 12:05 - 2014-11-14 12:06 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25 (1).exe
2014-11-14 12:05 - 2014-11-14 12:05 - 00638888 _____ (Oracle Corporation) C:\Users\Lena\Downloads\chromeinstall-8u25.exe
2014-11-13 08:40 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 08:40 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 08:40 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 08:40 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 08:40 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 08:40 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 08:40 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 08:40 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:40 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 08:40 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 08:40 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 08:40 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:40 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 08:40 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 08:40 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 08:40 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 08:40 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 08:40 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 08:40 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 08:40 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 08:40 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 08:40 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 08:40 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 08:40 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 08:40 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 08:40 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 08:40 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:40 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 08:40 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 08:40 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 08:40 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 08:40 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 08:40 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 08:40 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 08:40 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 08:40 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 08:40 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:40 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 08:40 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 08:40 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 08:40 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 08:40 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-13 08:40 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-13 08:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-13 08:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-13 08:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 08:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-13 08:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-13 08:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 08:38 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 08:38 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-13 08:38 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 08:38 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-13 08:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 08:38 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 08:38 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-13 08:38 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-13 08:38 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-13 08:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-13 08:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 08:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-13 08:32 - 2014-11-13 09:23 - 00000000 ____D () C:\Users\Lena\Desktop\an pascal
2014-11-13 08:27 - 2014-11-28 15:34 - 00000000 ____D () C:\Users\Lena\Desktop\Kram
2014-11-09 01:41 - 2014-11-09 01:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 01:41 - 2014-11-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-09 01:15 - 2014-11-16 16:22 - 00000697 _____ () C:\Users\Lena\Desktop\MultidecoderLog.log
2014-11-09 01:15 - 2014-11-09 01:17 - 1319788244 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi
2014-11-09 00:14 - 2014-11-09 00:14 - 00000000 ____D () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22
2014-11-09 00:14 - 2012-08-13 15:54 - 06623232 _____ (© onlinetvrecorder.com) C:\Users\Lena\Desktop\2009Decoder.exe
2014-11-09 00:13 - 2014-11-09 00:13 - 02082889 _____ () C:\Users\Lena\Downloads\OTRDecoder_2.0.0.22.zip
2014-11-09 00:11 - 2014-11-09 01:14 - 1319788766 _____ () C:\Users\Lena\Downloads\Gute_Zeiten_schlechte_Zeiten_14.11.08_10-00_rtl_150_TVOON_DE.mpg.avi.otrkey
2014-11-07 13:43 - 2014-11-07 13:46 - 00000000 ____D () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse
2014-11-07 13:42 - 2014-11-07 13:42 - 00062640 _____ () C:\Users\Lena\Downloads\Dateiordner_MM_14_-_Katalyse.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 13:06 - 2011-11-24 09:17 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 12:59 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 12:59 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 12:57 - 2012-08-12 17:55 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 12:57 - 2011-11-15 23:13 - 22901120 _____ () C:\windows\system32\perfh007.dat
2014-12-02 12:57 - 2011-11-15 23:13 - 07285048 _____ () C:\windows\system32\perfc007.dat
2014-12-02 12:57 - 2009-07-14 06:13 - 00782552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-02 12:54 - 2011-11-24 08:59 - 01420416 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-12-02 12:53 - 2012-02-03 21:08 - 00000000 ___RD () C:\Users\Lena\Dropbox
2014-12-02 12:52 - 2012-02-03 21:05 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Dropbox
2014-12-02 12:51 - 2011-11-24 09:17 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-02 12:51 - 2011-11-24 09:07 - 00130739 _____ () C:\windows\system32\fastboot.set
2014-12-02 12:51 - 2011-11-24 08:59 - 00904064 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-12-02 12:51 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-02 12:51 - 2009-07-14 05:51 - 00180650 _____ () C:\windows\setupact.log
2014-12-01 17:04 - 2011-11-24 08:19 - 01486510 _____ () C:\windows\WindowsUpdate.log
2014-12-01 16:36 - 2011-11-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-01 16:04 - 2014-06-02 12:35 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4B3F3E2B-693F-40FB-8136-4BD97FE2FB88}
2014-11-30 12:28 - 2010-11-21 04:47 - 00399904 _____ () C:\windows\PFRO.log
2014-11-28 13:52 - 2012-02-01 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-28 13:31 - 2012-02-01 23:57 - 00000000 ____D () C:\Users\Lena\AppData\Local\Mozilla
2014-11-27 10:56 - 2012-02-01 23:10 - 00000000 ____D () C:\Users\Lena
2014-11-27 10:55 - 2014-07-14 14:00 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\GWB
2014-11-26 15:57 - 2012-08-12 17:55 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 15:57 - 2012-04-26 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:57 - 2012-02-02 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 15:16 - 2012-02-05 13:52 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\vlc
2014-11-21 13:31 - 2011-11-24 08:34 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-21 13:20 - 2012-02-01 23:11 - 00001421 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-16 08:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-16 07:01 - 2011-11-24 09:17 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 07:01 - 2011-11-24 09:17 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 06:47 - 2012-02-03 21:07 - 00000000 ____D () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:57 - 2012-07-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 12:11 - 2014-03-21 14:31 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 12:11 - 2014-03-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 12:10 - 2014-03-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 15:29 - 2009-07-14 05:45 - 00466800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 15:28 - 2014-05-06 15:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 14:19 - 2012-02-02 23:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 14:15 - 2013-07-17 16:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 14:07 - 2012-02-07 13:41 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 09:40 - 2012-02-02 23:43 - 00000000 ____D () C:\Users\Lena\AppData\Local\Microsoft Help
2014-11-13 08:30 - 2012-02-02 22:05 - 00000000 ____D () C:\Users\Lena\Desktop\Uni - aktuell
2014-11-09 11:47 - 2014-01-20 19:53 - 00003694 _____ () C:\windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-11-09 01:41 - 2012-02-03 22:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 13:40 - 2012-02-02 23:17 - 00002106 _____ () C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujpc5_.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-25 21:26
==================== End Of Log ============================
Geändert von Funchameleon (02.12.2014 um 13:30 Uhr) |
|
03.12.2014, 08:43
| #12 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport" Ok, ich muss erstmal was klären mit den Herren Autoren. Ich melde mich wieder.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2014, 10:48
| #13 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport" Downloade Dir HitmanPro  auf Deinen Desktop:HitmanPro - 32 Bit HitmanPro - 64 Bit
Poste bitte den Inhalt der HitmanPro_<Datum_Uhrzeit>.txt mit Deiner nächsten Antwort.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2014, 11:07
| #14 |
| | Malware und Adware Befall nach Installation von "StreamTransport"Code:
ATTFilter HitmanPro 3.7.9.232
www.hitmanpro.com
Computer name . . . . : LENA-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Lena-PC\Lena
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-12-05 10:56:02
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 14s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 2
Traces . . . . . . . : 6
Objects scanned . . . : 2 542 872
Files scanned . . . . : 169 141
Remnants scanned . . : 1 048 502 files / 1 325 229 keys
Malware _____________________________________________________________________
C:\Users\Lena\Downloads\Setup v2 1.exe -> Deleted
Size . . . . . . . : 1 029 608 bytes
Age . . . . . . . : 10.0 days (2014-11-25 10:12:25)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 5D9455243C3FF6C83904DBE34B7CADC178992DCC571BBB8339376C044E0A888A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Application.Bundler.SoftPulse.E
> Kaspersky . . . . : Trojan.Win32.Inject.tmvx
Fuzzy . . . . . . : 108.0
C:\Users\Lena\Downloads\SVP12Build765\Sony Vegas Pro 12 Build 765 64-Bit\KeyGen\di-sp230\di-sp23\Keygen.exe -> Quarantined
Size . . . . . . . : 3 747 840 bytes
Age . . . . . . . : 65.7 days (2014-09-30 17:08:21)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 328F712942A93BEAE528597B54FF7E8897F2A58D7BBC1A5956144181AF06A7E9
> G Data . . . . . . : Trojan.Generic.9412602
Fuzzy . . . . . . : 118.0
Suspicious files ____________________________________________________________
C:\Users\Lena\Downloads\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2 117 632 bytes
Age . . . . . . . : 4.9 days (2014-11-30 12:23:28)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 0A3AF33164BDB71EDE4BC4EC461207C03FC8E9FFEF291B4538F8BEC99AB804D8
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Users\Lena\Downloads\FRST64.exe
Size . . . . . . . : 2 117 120 bytes
Age . . . . . . . : 2.9 days (2014-12-02 13:03:43)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 81232B69650A6091BC14D05B98CDD301CE78CF5DA433FB03FCB8C0CF85DB5BE8
Needs elevation . : Yes
Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/ea0fab41dc14f0667ba87b69e94cc953/547daab3/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
Fuzzy . . . . . . : 27.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The file is downloaded from the Internet to this computer.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-48.6s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KBOUPKXP\582237_285238378236334_455049394_n[1].jpg
-45.7s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KBOUPKXP\11020_865141546852751_6869598674098251471_n[1].jpg
-30.1s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QH8YTS5Z\EqsQ4YHnlQL[1].png
-2.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{F0AB364D-2BC9-4BAA-92AE-7E083E9F5611}
-1.2s C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Cookies\PTMUA1H1.txt
-1.1s C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Cookies\VD5PTK4J.txt
-1.1s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5W9YBM2\82[1].htm
0.0s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83W67W86\FRST64[1].exe
0.0s C:\Users\Lena\Downloads\FRST64.exe
1.3s C:\Users\Lena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XGNON6XT\1471279_10201258209440814_1905482600_n[1].jpg
1.7s C:\Users\Lena\Downloads\FRST-OlderVersion\
4.3s C:\Windows\Prefetch\FRST64.EXE-91619141.pf
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted
|
|
06.12.2014, 09:22
| #15 |
| /// the machine /// TB-Ausbilder | Malware und Adware Befall nach Installation von "StreamTransport" Nochmal Hitman, alle Funde löschen lassen, dann bitte 2 frische FRST logs.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Malware und Adware Befall nach Installation von "StreamTransport" |
| device driver, fehlercode 22, fehlercode 28, fehlercode windows, neue tabs mit werbung, pup.optional.boost.a, pup.optional.bundle, pup.optional.clara.a, pup.optional.crossrider.a, pup.optional.globalupdate.a, pup.optional.livelyrics.a, pup.optional.opencandy, pup.optional.selectngo.a, pup.optional.smartsaver.a, pup.optional.soft32, pup.optional.wajam, riskware.tool.ck, spotify web helper, tabs mit werbung, this device is disabled. (code 22), trojan.onlinegames |
Linear-Darstellung
