Log analysis and evaluation: Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
20.05.2015, 21:45 | #1 |
Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A

For some reason Firefox keeps crashing.

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015 Ran by Lexy (administrator) on LEXY-PC on 20-05-2015 19:12:25 Running from C:\Users\Lexy\Desktop Loaded Profiles: Lexy (Available profiles: Lexy) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Skype Technologies S.A.) 
C:\Program Files\Skype\Phone\Skype.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe (NCP Engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe () C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (SigmaTel, Inc.) C:\Windows\System32\stacsv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Expert System S.p.A.) 
C:\Program Files\Duden\Duden Korrektor\DKCore.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe () C:\Program Files\Opera\29.0.1795.47\opera_autoupdate.exe (Opera Software ASA) C:\Windows\Temp\Opera Autoupdate\cprogram filesopera\2780_27278\Opera_Stable_29.0.1795.60-29.0.1795.47_Patch.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [NcpBudgetGui] => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-11-13] (NCP engineering GmbH) HKLM\...\Run: [NcpPopup] => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters). HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-02] (RealNetworks, Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll [2007-07-25] (Sony Corporation) HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {11b66750-b5e2-11de-9df8-001bfb57dcd1} - explorer .\Start.htm HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {39296a35-1998-11e1-b200-001e101f1838} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {858936fd-2a7a-11e1-9f04-001a804a3ef4} - F:\LaunchU3.exe -a HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {8bdb5a25-1eb6-11dd-a0f9-001bfb57dcd1} - G:\InstallTomTomHOME.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147ad3-cb2b-11e0-a807-001a804a3ef4} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147b0c-cb2b-11e0-a807-001e101f82a0} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {f83f8188-d23d-11e0-9eab-001e101f4da1} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-23] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=668083&fr=spigot-yhp-ie HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 URLSearchHook: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 - IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\7.3\iobitToolbarIE.dll No File URLSearchHook: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.3\iobitappsToolbarIE.dll No File SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7 SearchScopes: HKU\.DEFAULT -> DefaultScope {3AD58498-B64A-4094-913D-BCA865C6027E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} SearchScopes: HKU\.DEFAULT -> {3AD58498-B64A-4094-913D-BCA865C6027E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> 
DefaultScope {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0E8310AC-7BDC-4C45-8159-319CC44B4E9A} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8A10200B48583FC&affID=119357&tt=240913_246&tsp=5016 SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {559EBC72-CCE9-42AE-8E31-119F867AC22D} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {5AFA46B7-57B8-4318-BC64-44C5A7F12DDE} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=068d8e74-f9ba-11e0-8b53-001a804a3ef4&q={searchTerms} SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-03-20] (IObit) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-12] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468 FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll [2008-11-26] (INNOVA-engineering GmbH Dresden) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2010-04-26] () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-27] (Google) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-02] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-15] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-02] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3626444559-52657498-4274862289-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lexy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online) FF user.js: detected! 
=> C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\user.js [2013-09-25] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-06-02] (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-02] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-02] (RealPlayer) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011-10-03] (vShare.tv ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\searchplugins\babylon.xml [2013-05-27] FF SearchPlugin: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\searchplugins\delta.xml [2013-05-27] FF Extension: Yontoo - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\plugin@yontoo.com [2013-04-09] FF Extension: Bitdefender QuickScan - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-20] FF Extension: FreeHDSport TV - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\fhdp@fhdp.tv.xpi [2013-04-09] FF Extension: Ghostery - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\firefox@ghostery.com.xpi [2015-05-15] FF Extension: NoScript - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-15] FF Extension: Adblock Plus - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-15] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft 
.NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-02] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08] Chrome: ======= CHR Profile: C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Tube Karaoke) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgnhgbflngpggpmpfdkhmhmfdophhepe [2013-05-27] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-04-14] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-27] CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22] CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-07-05] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files\ATDheNetTVApp.com\stv10.crx [Not Found] CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx [2011-08-31] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - 
C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26] CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [Not Found] CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.) 
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-20] (IObit) S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH) R2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [1400584 2014-02-28] (NCP Engineering GmbH) R2 NcpSec; C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-15] (mquadr.at softwareengineering und consulting gmbh) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed] R2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.) S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.) 
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed] S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-25] (Sony Corporation) S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-11] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed] S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-27] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment 
Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [File not signed] R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed] R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) S4 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [X] S2 Yontoo Desktop Updater; "C:\Program Files\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Lexy\AppData\Roaming\Yontoo\YontooDesktop.exe" ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.) 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-12-15] (Avira GmbH) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH) R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-07-04] (Sonic Solutions) R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed] S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH) R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia) S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-02-25] () [File not signed] R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.) 
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments) S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 ivusb; system32\DRIVERS\ivusb.sys [X] S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X] S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] U5 usbser; C:\Windows\System32\Drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-20 19:12 - 2015-05-20 19:15 - 00034646 _____ () C:\Users\Lexy\Desktop\FRST.txt 2015-05-20 19:11 - 2015-05-20 19:12 - 00000000 ____D () C:\FRST 2015-05-20 19:07 - 2015-05-20 19:08 - 00000470 _____ () C:\Users\Lexy\Desktop\defogger_disable.log 2015-05-20 19:07 - 2015-05-20 19:07 - 00000000 _____ () C:\Users\Lexy\defogger_reenable 2015-05-20 19:04 - 2015-05-20 19:04 - 00050477 _____ () C:\Users\Lexy\Desktop\Defogger.exe 2015-05-20 18:59 - 2015-05-20 18:59 - 01146880 _____ (Farbar) C:\Users\Lexy\Desktop\FRST.exe 2015-05-20 15:53 - 2015-05-20 15:53 - 00000000 ____D () C:\Program Files\ESET 2015-05-20 15:51 - 2015-05-20 15:51 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_enu.exe 2015-05-20 12:44 - 2015-05-20 12:44 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-20 12:43 - 2015-05-20 12:44 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-18 20:43 - 2015-05-18 20:43 - 01046430 _____ () C:\Users\Lexy\Downloads\STANDING.pdf.part 2015-05-18 00:21 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-18 00:21 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-18 00:21 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-18 00:21 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-18 00:21 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-05-18 00:21 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-18 00:21 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-18 00:21 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-18 00:21 - 2015-04-19 22:12 - 00801792 _____ (Microsoft 
Corporation) C:\Windows\system32\FntCache.dll 2015-05-18 00:21 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-17 23:27 - 2015-05-17 23:27 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-05-17 23:24 - 2015-05-17 23:25 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1(1).exe 2015-05-17 23:24 - 2015-05-17 23:24 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1.exe 2015-05-17 19:52 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-17 19:52 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-17 19:52 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-17 19:52 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-17 19:52 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-17 19:52 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-17 19:52 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2015-05-17 19:52 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-17 19:52 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-05-17 19:52 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-05-17 19:51 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-17 19:07 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-05-17 19:06 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-05-17 19:04 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-05-17 19:04 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-05-17 19:02 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-05-17 19:02 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2015-05-17 19:02 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2015-05-17 19:00 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-05-17 19:00 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2015-05-17 19:00 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-17 19:00 - 
2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-17 18:58 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-05-17 18:56 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-17 18:56 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-17 18:56 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-17 18:56 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-17 18:47 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-17 18:46 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-17 18:46 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-17 18:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-17 18:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-05-17 18:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-17 18:45 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-17 18:45 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-17 18:45 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2015-05-17 18:31 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-05-17 18:30 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-05-17 18:30 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-05-17 18:26 - 2015-04-30 15:14 - 00102608 _____ 
(Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-17 18:19 - 2015-05-17 18:21 - 00000000 ____D () C:\Users\Lexy\AppData\Local\PDFCreator 2015-05-17 18:18 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-05-17 18:17 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2015-05-17 18:11 - 2015-05-17 18:11 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\pdfforge 2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-05-17 18:10 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-05-17 18:06 - 2015-05-17 18:08 - 27837984 _____ (pdfforge ) C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup.exe 2015-05-17 18:06 - 2015-05-17 18:08 - 27837984 _____ (pdfforge ) C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup(1).exe 2015-05-16 10:28 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-05-16 10:28 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-05-16 10:28 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-05-16 10:28 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-05-16 10:28 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-05-16 10:27 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-05-16 10:27 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-05-16 10:27 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-05-16 10:24 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) 
C:\Windows\system32\services.exe 2015-05-16 10:19 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2015-05-16 10:15 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-05-16 10:14 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-05-15 18:05 - 2015-05-15 18:07 - 00000000 ____D () C:\Users\Lexy\Desktop\STICK 2015-05-14 07:29 - 2015-05-14 07:29 - 00000000 ____D () C:\Users\Lexy\AppData\Local\Avg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-20 19:15 - 2007-12-04 00:42 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Skype 2015-05-20 19:07 - 2007-11-24 16:31 - 00000000 ____D () C:\Users\Lexy 2015-05-20 18:57 - 2014-01-11 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-20 17:51 - 2014-04-09 23:33 - 00000000 ____D () C:\ProgramData\MFAData 2015-05-20 17:44 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-20 17:44 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-20 16:26 - 2012-03-02 22:04 - 01719885 _____ () C:\Windows\WindowsUpdate.log 2015-05-20 15:45 - 2014-01-27 23:15 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\QuickScan 2015-05-20 14:05 - 2013-12-15 11:33 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-05-20 12:46 - 2011-01-26 23:43 - 00001945 _____ () C:\Windows\epplauncher.mif 2015-05-20 11:46 - 2012-01-26 23:16 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-05-20 11:44 - 2014-02-22 18:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-20 11:44 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-20 00:00 - 
2007-08-02 04:03 - 00003204 _____ () C:\Windows\bthservsdp.dat 2015-05-20 00:00 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-19 23:02 - 2012-07-17 20:24 - 00001752 ____H () C:\Users\Lexy\Documents\Default.rdp 2015-05-19 13:38 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files\Opera 2015-05-18 21:32 - 2014-02-22 18:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-18 21:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-05-18 20:10 - 2013-07-16 10:40 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-18 16:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2015-05-18 16:14 - 2006-11-02 12:33 - 00006798 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-18 16:06 - 2006-11-02 14:47 - 00442120 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-18 16:03 - 2014-02-16 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-18 16:03 - 2013-12-29 11:59 - 00476448 _____ () C:\Windows\PFRO.log 2015-05-18 16:03 - 2013-03-21 23:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-17 23:27 - 2011-03-26 17:44 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-17 19:06 - 2007-10-10 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-17 18:12 - 2012-10-14 20:20 - 00000000 ____D () C:\Program Files\PDFCreator 2015-05-17 17:57 - 2011-06-16 19:53 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-16 10:21 - 2010-06-07 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-16 10:20 - 2008-06-01 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-16 10:09 - 2014-05-20 21:35 - 00000978 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2015-05-15 18:57 - 2012-05-17 08:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-15 18:57 - 2011-08-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-14 07:45 - 2007-12-04 00:38 - 00000000 ____D () C:\ProgramData\Skype 2015-05-14 07:32 - 2014-04-09 23:39 - 00000858 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2015-05-14 07:20 - 2014-03-20 21:18 - 00000000 ____D () C:\ProgramData\ProductData 2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Files in the root of some directories ======= 2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe 2011-08-02 18:27 - 2011-07-14 10:31 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi 2008-05-10 21:31 - 2009-03-21 15:27 - 0000000 _____ () C:\Users\Lexy\AppData\Roaming\AVSDVDPlayer.m3u 2012-07-11 22:12 - 2012-07-11 22:15 - 0002415 _____ () C:\Users\Lexy\AppData\Roaming\hamster_installer_log.txt 2008-10-04 13:13 - 2011-06-12 21:19 - 0027657 _____ () C:\Users\Lexy\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2008-12-29 20:38 - 2011-04-11 22:20 - 0009521 _____ () C:\Users\Lexy\AppData\Roaming\mdbu.bin 2009-10-04 12:02 - 2009-10-04 12:02 - 0000760 _____ () C:\Users\Lexy\AppData\Roaming\setup_ldm.iss 2014-06-19 08:11 - 2014-06-19 08:11 - 0000024 _____ () C:\Users\Lexy\AppData\Roaming\temp.ini 2012-01-26 23:34 - 2012-01-26 23:34 - 0020289 _____ () C:\Users\Lexy\AppData\Roaming\UserTile.png 2007-11-25 02:26 - 2007-12-05 21:36 - 0000572 _____ () C:\Users\Lexy\AppData\Roaming\wklnhst.dat 2010-11-20 22:11 - 2012-06-11 01:14 - 0001188 _____ () C:\Users\Lexy\AppData\Local\crc32list11.txt 2007-12-04 00:39 - 2007-12-04 00:39 - 0000552 _____ () C:\Users\Lexy\AppData\Local\d3d8caps.dat 2008-02-22 20:02 - 2012-03-02 23:32 - 0001356 
_____ () C:\Users\Lexy\AppData\Local\d3d9caps.dat 2007-11-24 16:39 - 2014-02-08 11:33 - 0154624 _____ () C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-11 22:15 - 2012-07-11 22:15 - 0000393 _____ () C:\Users\Lexy\AppData\Local\HamsterVideoConverterSettings.cfg 2009-03-10 22:38 - 2009-04-15 09:29 - 0000089 _____ () C:\Users\Lexy\AppData\Local\qeymg.bat 2009-04-07 17:08 - 2009-04-10 08:44 - 0313413 _____ () C:\Users\Lexy\AppData\Local\ywwamqw_nav.dat 2014-01-27 23:49 - 2014-01-27 23:49 - 0764668 _____ () C:\ProgramData\1390858327.bdinstall.bin 2014-03-22 21:47 - 2014-03-22 21:47 - 0092109 _____ () C:\ProgramData\1395517664.bdinstall.bin 2014-03-22 21:50 - 2014-03-22 21:50 - 0250923 _____ () C:\ProgramData\1395517667.bdinstall.bin 2007-12-05 21:11 - 2007-12-05 21:11 - 0000032 _____ () C:\ProgramData\ezsid.dat 2008-06-01 14:36 - 2008-06-01 14:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-11-01 14:35 - 2011-05-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt 2007-10-10 05:18 - 2007-10-10 05:19 - 1132112 _____ () C:\ProgramData\pswi_preloaded.exe Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\ProgramData\pswi_preloaded.exe Some content of TEMP: ==================== C:\Users\Lexy\AppData\Local\Temp\DivXSetup.exe C:\Users\Lexy\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Lexy\AppData\Local\Temp\GLF20FD.EXE C:\Users\Lexy\AppData\Local\Temp\GLF3105.EXE C:\Users\Lexy\AppData\Local\Temp\GLF3A3F.EXE C:\Users\Lexy\AppData\Local\Temp\GLF4AE.EXE C:\Users\Lexy\AppData\Local\Temp\GLF5263.EXE C:\Users\Lexy\AppData\Local\Temp\GLF5EED.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6219.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6756.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6802.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6FA0.EXE C:\Users\Lexy\AppData\Local\Temp\GLF7A24.EXE C:\Users\Lexy\AppData\Local\Temp\GLF878C.EXE C:\Users\Lexy\AppData\Local\Temp\GLF936A.EXE C:\Users\Lexy\AppData\Local\Temp\GLF9BC8.EXE 
C:\Users\Lexy\AppData\Local\Temp\GLFD436.EXE C:\Users\Lexy\AppData\Local\Temp\GLFE24B.EXE C:\Users\Lexy\AppData\Local\Temp\GLFE8BE.EXE C:\Users\Lexy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Lexy\AppData\Local\Temp\lowproc.exe C:\Users\Lexy\AppData\Local\Temp\promote-upx.exe C:\Users\Lexy\AppData\Local\Temp\SHSetup.exe C:\Users\Lexy\AppData\Local\Temp\SkypeSetup.exe C:\Users\Lexy\AppData\Local\Temp\stubhelper.dll C:\Users\Lexy\AppData\Local\Temp\updatepackasc.exe C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\Lexy\AppData\Local\Temp\_is6F6D.exe C:\Users\Lexy\AppData\Local\Temp\_is98DD.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-20 12:04 ==================== End Of Log ============================ Code:
C:\Program Files\IObit Apps Toolbar\WidgiHelper.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application deleted - quarantined
C:\Program Files\IObit Toolbar\WidgiHelper.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application deleted - quarantined
C:\Users\Lexy\AppData\Roaming\Yontoo\dat\DIBS.dat a variant of MSIL/BrowseFox.J potentially unwanted application deleted - quarantined
C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup(1).exe Win32/InstallMonetizer.AQ potentially unwanted application deleted - quarantined
C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application deleted - quarantined
C:\Windows\System32\roboot.exe a variant of Win32/Systweak.A potentially unwanted application deleted - quarantined |
20.05.2015, 21:47 | #2 |
| Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by Lexy at 2015-05-20 19:16:52
Running from C:\Users\Lexy\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3626444559-52657498-4274862289-500 - Administrator - Disabled)
Guest (S-1-5-21-3626444559-52657498-4274862289-501 - Limited - Disabled)
Lexy (S-1-5-21-3626444559-52657498-4274862289-1002 - Administrator - Enabled) => C:\Users\Lexy
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D-Viewer-innoPlus (HKLM\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 10.00.0119 - INNOVA-engineering GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe
Systems, Inc.) Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - ) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Magic-i Visual Effects Installer (HKLM\...\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}) (Version: - ArcSoft) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies) AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden AVS DVD Player version 2.4 (HKLM\...\AVS DVD Player_is1) (Version: - Online Media Technologies Ltd.) Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
CadStd (HKLM\...\CadStd) (Version: 3.7.4 - Apperson & Daughters) CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - ) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix) Click to DVD 2.0.05 Menu Data (HKLM\...\{9E407618-D9CD-4F39-9490-9ED45294073D}) (Version: 2.0.05 - Sony Corporation) Click to DVD 2.6.00 (HKLM\...\{E809063C-51A3-4269-8984-D1EB742F2151}) (Version: 2.6.00 - Sony Corporation) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC) DSD Direct (HKLM\...\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}) (Version: 2.0.01 - Sony Corporation) DSD Playback Plug-in (HKLM\...\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}) (Version: 1.1 - Sony Corporation) DSL Connection Manager (Version: 2.0.0.17 - Telefónica o2 Germany GmbH & Co. OHG) Hidden Duden Korrektor PLUS (HKLM\...\InstallShield_{541E5E15-7186-4395-9593-16D02765FF27}) (Version: 5.00.1507.00 - Duden) Duden Korrektor PLUS (Version: 5.00.1507.00 - Duden) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Falk Navi-Manager (Version: 2.1.0.0 - Falk Marcopolo Interactive GmbH) Hidden Falk Navi-Manager (Version: 2.7.0 - Falk Navigation GmbH) Hidden Favorit (HKLM\...\qeymg) (Version: - ) GearDrvs (Version: 1 - Symantec Corporation) Hidden Gigaset QuickSync (HKLM\...\{627673ff-f4ea-43fd-893d-28fc6176fb2d}) (Version: 8.0.0856.1 - Gigaset Communications GmbH) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) 
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline) GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version: - ) GuG - Grundstücksmarkt und Grundstückswert (HKLM\...\{B4ACF448-765F-45B0-9C2A-05E426600A4C}) (Version: 1.0 - Wolters Kluwer Deutschland Information Services GmbH) HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - ) Instant Mode (HKLM\...\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}) (Version: 1.0.2 - InterVideo) IObit Apps Toolbar v7.3 (HKLM\...\{BB398653-2180-436A-ACA8-33B6F98135F5}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION IObit Toolbar Removal Tool (HKLM\...\IObit Toolbar Removal Tool_is1) (Version: build_1.0.0.142_rev_3343_date_12:50:45 28-02-14 - Security Stronghold) <==== ATTENTION IObit Toolbar v7.3 (HKLM\...\{5ACE806A-910C-4D00-8347-A5426875BAF7}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.9.10 - IObit) iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.) 
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JiveX DICOM Viewer Light 4.4.2 (HKLM\...\JiveX DICOM Viewer Light 4.4.2) (Version: - VISUS Technology Transfer GmbH) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden LANCOM Advanced VPN Client (HKLM\...\NCP RWS/GA) (Version: 2.32 Build 218 - LANCOM Systems GmbH) LocationFree Player (HKLM\...\{D937DD80-3928-4617-876F-538A25AECB17}) (Version: 3.02.0000 - Sony Corporation) Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 
12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) 
(Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd) Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Music Transfer 
(HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger) NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON) Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) Online Foto Print System ( OFPS Printax Foto+Medienlabor ) (HKLM\...\Online Foto Print System (printax)) (Version: - ) OpenMG Limited Patch 4.7-07-15-19-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version: - ) OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden Opera Stable 29.0.1795.47 (HKLM\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA) PDF Blender (HKLM\...\PDF Blender) (Version: - ) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge) Primo (Version: 1.00.0000 - Your Company Name) Hidden QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit) RamBooster (HKLM\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - ) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Regel 7.0 Standard Demo (HKLM\...\Regel 7.0 Standard Demo) (Version: 7.01 - HPW-Software) Runtime (Version: 1.00.0000 - Your Company Name) Hidden Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung New PC Studio USB Driver Installer (HKLM\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.) Samsung Samples Installer (HKLM\...\{7AC15160-A49B-4A89-B181-D4619C025FFF}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.) SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung) Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.0.00.07240 - Sony Corporation) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.) 
SlimDX Redistributable (June 2010) (HKLM\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group) SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.3.01 - Sony Corporation) SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.3 - Sony Corporation) SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.4 - Sony Corporation) Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.11.14260 - Sony Corporation) Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.2.00 - Sony Corporation) Sublight (HKLM\...\Sublight_is1) (Version: 4.0.0 - Sublight Labs) SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) Sweet Home 3D version 3.5 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden t@x 2014 (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) TVUPlayer 2.5.2.2 (HKLM\...\TVUPlayer) (Version: 2.5.2.2 - TVU networks) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) 
(HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 (HKLM\...\UUSEE(ÓÆÊÓÍøÂçµçÊÓ)) (Version: 4.3.6.5 - UUSee company, Inc.) VAIO Azure Float Wallpaper (HKLM\...\{0312BD0D-A1FE-4E1A-9208-D436F566D867}) (Version: 1.0.00.10100 - Sony Corporation) VAIO Camera Capture Utility (HKLM\...\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}) (Version: 2.7.01.08030 - Sony Corporation) VAIO Center Access Bar (HKLM\...\{C299F969-AE3D-4679-ADF5-682A186CE62E}) (Version: 1.00.0622 - Sony) VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 1.0.00.07170 - Sony Corporation) VAIO Content Importer VAIO Content Exporter (Version: 1.4.73.04270 - Sony Corporation) Hidden VAIO Content Importer / VAIO Content Exporter (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.4.73.04270 - Sony Corporation) VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation) VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden VAIO Content Metadata Manager Settings (HKLM\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation) VAIO Content Metadata Manager Settings (Version: 3.6.0.09240 - Sony Corporation) Hidden VAIO Content Metadata XML Interface Library (HKLM\...\{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}) (Version: 3.1.00.03103 - Sony Corporation) VAIO Content Metadata XML Interface Library (Version: 3.1.00.03103 - Sony Corporation) Hidden VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.1.00.07110 - Sony Corporation) VAIO Entertainment Center (HKLM\...\{E74F7423-77CB-4F6A-A44D-604E1010FE50}) (Version: 2.00.0711 - Sony) VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.0.00.06280 - Sony Corporation) VAIO Event Service 
(HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 3.2.00.07240 - Sony Corporation) VAIO Floral Dusk Wallpaper (HKLM\...\{B59B3DA8-06F8-4B4C-AE94-5180753EF108}) (Version: 1.0.00.10100 - Sony Corporation) VAIO Help And Support (HKLM\...\{7D716354-2C08-48DC-9AC5-957348048817}) (Version: 3.10.0724.FZVP - Sony Corporation) VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 1.0.00.07090 - Sony Corporation) VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation) VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version: - ) VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version: - Sony Corporation) VAIO Media Integrated Server 6.1 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version: - Sony Corporation) VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation) VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation) VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.02.09240 - Sony Corporation) VAIO Movie Story (Version: 1.0.00.18280 - Sony Corporation) Hidden VAIO Movie Story 1.3 Upgrade (Version: 1.3.02.09240 - Sony Corporation) Hidden VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation) VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 1.0.00.07090 - Sony Corporation) VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.0.00.07030 - Sony Corporation) VAIO OOBE (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 3.00.0710 - Sony Corporation) VAIO Original Function Settings (Version: 2.0.2.02240 - Sony 
Corporation) Hidden VAIO Original Funktion Einstellungen (HKLM\...\{7C404084-C5A6-42FF-B731-0BAC79A6E134}) (Version: 2.0.2.02240 - Sony Corporation) VAIO PC Wireless LAN Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.00.0716 - Sony) VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.2.00.06130 - Sony Corporation) VAIO Productivity Center (HKLM\...\{BABC878D-BB64-4688-9A88-1D9E88F339A9}) (Version: 2.00.0702 - Sony) VAIO Security Center (HKLM\...\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}) (Version: 5.00.0716 - Sony Corporation) VAIO Service Utility (HKLM\...\VAIO Service Utility) (Version: 1.1.1.3 - Sony) VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 5.00.7207 - Sony) VAIO Teal Whisper Wallpaper (HKLM\...\{235915A8-1C0D-4920-95EA-FE8B773E5F57}) (Version: 1.0.00.10100 - Sony Corporation) VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) 
<==== ATTENTION VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital) WIDCOMM Bluetooth Software 6.1.0.1203 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.1203 - Broadcom Corporation) Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.384 - InterVideo Inc.) WinDVD for VAIO (Version: 8.0-B8.384 - InterVideo Inc.) Hidden WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.00.18210 - Sony Corporation) WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{16569F81-76A4-4339-8745-BE295A404D9B}\InprocServer32 -> C:\Users\Lexy\appdata\local\microsoft\Windows Sidebar\Gadgets\Video.Gadget\dll\AOLVideoGadgetHelper.dll (AOL) CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= 18-05-2015 22:39:19 Windows Update 19-05-2015 13:38:35 Scheduled Checkpoint 19-05-2015 13:42:57 Windows Update 19-05-2015 13:55:31 Windows Update 19-05-2015 14:00:08 Windows Update 19-05-2015 16:41:48 Windows Update 19-05-2015 23:58:33 Windows Update 20-05-2015 12:27:00 Windows Update 20-05-2015 12:33:54 Windows Update 20-05-2015 12:38:32 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00BB28EE-F330-4C8F-8DD9-51380D2DE6A6} - System32\Tasks\{DB02960D-3E88-4F50-80B9-90C6A3F5CF76} => Firefox.exe hxxp://www.skype.com/go/downloading?source=installer&ver=7.4.85.102&LastError=-9 Task: {1083DBE9-230A-41C1-88A2-D7AE163A2B86} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation) Task: {13184BE2-ECFA-4607-B38F-4A677FEC7DCE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {1E423AF4-5D61-47F1-9659-80E740800CC8} - System32\Tasks\{C926E061-3CD6-4605-AD6D-51FB41686C06} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF6E1C\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF6E1C Task: {1EF63912-26B9-45AB-9E78-51CE88ECAEDC} - System32\Tasks\{31D8B88E-6B28-4D94-B239-069674C107F0} => pcalua.exe -a "C:\Users\Lexy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I81YI66\q816506.exe" -d C:\Users\Lexy\Desktop Task: {2A3057D6-24E3-40C7-AC78-E518760A94BF} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation) Task: {3AFDB2BD-46B7-46E8-8DEC-7DE5A066D708} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated) Task: {41867401-B848-4F45-BEB8-4C04E3BA9BDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.) 
Task: {4EFE2AA6-63D6-432A-A4DB-5E3D0DD282A1} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation) Task: {750513BF-A40A-4FBC-837A-DA8D3395CF32} - System32\Tasks\{FEA3844A-A767-403F-A228-E4BC401617BC} => pcalua.exe -a "C:\Program Files\LANCOM\Advanced VPN Client\UNINST.EXE" -d "C:\Program Files\LANCOM\Advanced VPN Client" Task: {804E3411-009B-4043-9FEF-A6CFECB329B7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation) Task: {9D072985-EF80-4BCB-830F-889986F4C856} - System32\Tasks\{811984AA-D715-4EB8-B0D9-CCB0832052AF} => c:\program files\opera\launcher.exe [2015-04-17] (Opera Software) Task: {A857E555-7A14-4F9C-8D7D-CC11FF1540D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {AA3CEAC4-2784-470F-B81F-25A33017ACE8} - System32\Tasks\{6340DE61-6134-4A47-9B42-62C393E49845} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF9F10\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF9F10 Task: {B3063F29-D8EF-4B30-BEF9-D771E53362A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.) Task: {C0173B12-1F46-480A-828D-AFF2AEECCE6E} - System32\Tasks\Opera scheduled Autoupdate 1398549131 => c:\program files\opera\launcher.exe [2015-04-17] (Opera Software) Task: {C1382615-5CDB-4C44-812A-17A130B67A59} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {DF1FEADD-BCF2-4E09-8EC2-27A855424BF5} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-20] (IObit) Task: {F3D0EA79-FE36-48D0-8D34-84BBDCBD6099} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-27] (Google) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2007-08-02 04:51 - 2007-06-29 14:56 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-21 22:02 - 2014-02-28 13:02 - 00108032 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpmif32.dll 2012-07-17 14:55 - 2002-06-28 10:16 - 00151552 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcfg.dll 2012-07-17 14:55 - 2013-11-11 15:02 - 00199168 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpdlg.dll 2012-07-17 14:55 - 2002-09-04 15:27 - 00102400 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcry.dll 2012-07-17 14:55 - 2011-10-12 15:43 - 00148992 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpbudget2008.dll 2014-04-21 22:02 - 2011-04-21 07:11 - 00119808 _____ () C:\Program 
Files\LANCOM\Advanced VPN Client\NCPSEC.EXE 2014-04-21 22:02 - 2014-02-18 12:51 - 01817088 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpgacc.dll 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2007-04-15 21:44 - 2007-04-15 21:44 - 00898560 _____ () C:\Program Files\Duden\Duden Korrektor\libxml2.dll 2007-04-15 21:44 - 2007-04-15 21:44 - 00073728 _____ () C:\Program Files\Duden\Duden Korrektor\zlib1.dll 2015-05-14 07:48 - 2015-04-17 10:01 - 01958008 _____ () c:\program files\opera\29.0.1795.47\opera_autoupdate.exe 2015-04-30 00:15 - 2015-04-30 00:15 - 00057856 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU 2011-02-14 23:57 - 2015-05-17 18:21 - 09498624 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu 2011-02-14 23:59 - 2015-05-17 18:24 - 01180160 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU 2011-02-14 23:59 - 2015-05-17 18:24 - 01319424 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU 2011-02-14 23:59 - 2015-05-17 18:24 - 00100352 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU 2011-02-14 23:59 - 2015-05-17 18:22 - 03066880 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU 2011-02-14 23:59 - 2015-05-17 18:24 - 00316416 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU 2011-02-18 23:15 - 2015-05-17 20:54 - 00045568 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU 2012-07-27 22:51 - 2012-07-27 22:51 - 06549432 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\authplay.dll 2015-04-30 00:15 - 2015-04-30 00:15 - 00305544 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll 2011-02-14 23:59 - 2015-05-17 
18:25 - 00014336 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU 2008-03-03 22:39 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll 2015-05-20 15:53 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) 
There are 4791 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Application Updater => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: DfSdkS => 3 MSCONFIG\Services: FsUsbExService => 2 MSCONFIG\Services: gusvc => 2 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: IMFservice => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: IviRegMgr => 2 MSCONFIG\Services: MSCSPTISRV => 3 MSCONFIG\Services: PDF Architect Helper Service => 2 MSCONFIG\Services: PDF Architect Service => 2 MSCONFIG\Services: SamsungAllShareV2.0 => 2 MSCONFIG\Services: serviceIEConfig => 2 MSCONFIG\Services: SimpleSlideShowServer => 3 MSCONFIG\Services: SPTISRV => 3 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: uCamMonitor => 2 MSCONFIG\Services: vToolbarUpdater15.3.0 => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Advanced SystemCare 6 => MSCONFIG\startupreg: AllShareAgent => MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ArcSoft Connection Service => MSCONFIG\startupreg: 
AutoStartNPSAgent => c:\program files\samsung\samsung new pc studio\npsagent.exe MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: Google Updater => "c:\program files\google\google updater\googleupdater.exe" -check_deprecation MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => khalmnpr.exe MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe" MSCONFIG\startupreg: NcpBudgetGui => "c:\program files\lancom\advanced vpn client\ncpbudgetgui.exe" -start MSCONFIG\startupreg: NcpPopup => "C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: TomTomHOME.exe => MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe" MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Lexy\AppData\Roaming\Yontoo\YontooDesktop.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [{78E22DB7-B77B-4EC8-A7CD-2F34595FF90D}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe FirewallRules: [{1B8CD137-BEAB-461F-9DF7-D29C96EFBBA4}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe FirewallRules: [{49679896-5EA7-448F-A3CB-1CF1C5D5937A}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe FirewallRules: [{FD6549A7-3B54-45E7-8485-87538CC01817}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe FirewallRules: [{C598880B-323C-4582-A0D5-37BF730714F9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{75339F18-4CF7-4E48-A9C9-E243273EB18C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{0C75F875-80F6-47FD-B73D-E8F101853FC5}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{D8420B1C-4C69-476F-808D-41BF87E497CD}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe FirewallRules: [UDP Query User{B58D82AB-5689-4D8B-B86A-4DCD8F237CD1}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe FirewallRules: [TCP Query User{8ED12532-C267-416A-98F4-161B28A004E9}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe FirewallRules: [UDP Query 
User{E0666EA3-E127-4089-A4B6-F3F67CB27086}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe FirewallRules: [TCP Query User{17BBCC43-953A-40BB-AB6E-AAC2666E6877}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe FirewallRules: [UDP Query User{E44440C6-02FE-4003-B98F-66CE88E402EE}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe FirewallRules: [TCP Query User{4A2C1C82-6AC7-4090-B226-19E775DB8331}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe FirewallRules: [UDP Query User{FFCBC131-396A-4A12-8110-C2DB6DD8BFD4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe FirewallRules: [{316B6993-98A7-49DC-A7A5-7511274368D6}] => (Allow) C:\Program Files\PPLive\PPLive.exe FirewallRules: [{15D08214-15C6-411C-81CF-2E18E8DA7F47}] => (Allow) C:\Program Files\PPLive\PPLive.exe FirewallRules: [TCP Query User{4527B42F-E487-4AA0-A7AE-117CBB0C272D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{EFEA7E9B-4F87-401B-9AF1-8C6CD0ABC163}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{6513C40B-9BB1-4069-8246-A7B1B80DBF7B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe FirewallRules: [UDP Query User{4672F9F9-1FA3-4C17-9CC6-F0977DD086D7}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe FirewallRules: [TCP Query User{FE4296B5-1FBF-4EAF-9400-6F50D267F1E9}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe FirewallRules: [UDP Query User{707F14F2-05AC-4F1D-9596-8DBA3F59A11C}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe FirewallRules: [TCP Query 
User{75A2F8B7-206C-40AA-971E-6CB10D2898DB}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe FirewallRules: [UDP Query User{C1264FB3-5303-4F90-AB1D-75BB37B47FBA}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe FirewallRules: [TCP Query User{052C97EE-670F-4899-81BA-9BFFD2FBB866}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [UDP Query User{CF0B7CE9-B954-42C8-B834-A2BA3CF406C7}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [TCP Query User{4F6E18A8-F82A-4534-9A53-58F6494017B6}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe FirewallRules: [UDP Query User{9CFF79C9-DF75-4936-B437-359127255740}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe FirewallRules: [TCP Query User{5E8FBB86-6DC7-492F-A04A-844CB89365C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe FirewallRules: [UDP Query User{06CA3D3C-517B-418C-9E30-972AE849406E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe FirewallRules: [TCP Query User{29FB5CDB-6B4D-4952-AF56-E9576C4B4738}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe FirewallRules: [UDP Query User{BA3E48D0-F422-467C-9516-C95D0B81B38A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe FirewallRules: [TCP Query User{947ACEFE-56DC-4AB4-AB88-C738AEA2FBB1}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe 
FirewallRules: [UDP Query User{99EC694A-E76E-40DB-98CF-BEACE3F090EA}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe FirewallRules: [TCP Query User{BD13C577-8FBB-42B3-92ED-C83C200A03C5}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe FirewallRules: [UDP Query User{6368CC49-B230-4C5A-8F82-B812F4D33003}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe FirewallRules: [TCP Query User{0EF2971B-D528-4F9D-8F16-496B90C4CC5B}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [UDP Query User{03C2BF4A-261D-46E4-94F4-D9B7873E0011}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [TCP Query User{78564D83-5790-4DBB-9D01-8A07C532AB75}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{1D8F1BC8-FD3A-4592-A92D-94AD56B2FCE9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{9CFB5ABB-FBC4-42BE-8239-038D8EECB1C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{8B3B33CE-B8BC-41D7-AF1B-DFA60AD3B971}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{24CABB4B-93D0-4C44-A463-8900EBE5EDD1}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe FirewallRules: [UDP Query User{F4ED6E71-8A33-4359-9C8F-0C9B87ADEF6B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe FirewallRules: [TCP Query User{088DAB27-BC1D-41D3-9D3A-E18FAE52F782}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe FirewallRules: [UDP Query User{8CB6BE55-97C9-4934-9E9F-5F6BE7CFF2E6}C:\program files\pplive\pplive.exe] => (Allow) C:\program 
files\pplive\pplive.exe FirewallRules: [{A5A3AB99-EDA7-4674-8366-748883443D34}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{780BE9A6-F38D-4B7C-BAF1-F4D0EFC8FCEA}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{5A9F5D9B-3B12-4786-A7B2-27F6D9DD29D2}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{308AD548-AA6C-4DF5-A90C-436B6E60FAF8}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [TCP Query User{3C6FB0BA-87CE-433E-87BF-027D1741C07B}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{1A18033D-874F-4D7D-825E-465E148B754E}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [{E753399B-0EB6-4E25-BB97-438C1E372876}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe FirewallRules: [{A2668EDD-3310-46A2-95F7-6C94838F2AB5}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe FirewallRules: [{FB2AF1DE-3FE1-400D-B6B7-DC0E919545E7}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{51F0B638-3A0F-4808-B3A2-25793FC9B270}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{F3CFC278-8F5F-4890-A32F-2495364EACD6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe FirewallRules: [{7A4696BC-0C66-4C61-A67F-B6129CF476AF}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe FirewallRules: [{56D1FA41-4BCB-4B01-AF88-BCB4D4C809F1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe FirewallRules: [{D65F81F8-CA42-4061-B0E5-625DD0F5BBED}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe FirewallRules: [{9F4645F3-5E13-4006-845C-1A87FA149E83}] => (Allow) LPort=80 FirewallRules: [{BC32EABE-D1BE-43EA-923B-60A0B398D914}] => (Allow) LPort=80 FirewallRules: 
[{5CB28410-B94A-469D-974D-6F05D2FFC43B}] => (Allow) LPort=80 FirewallRules: [TCP Query User{C1451A6F-7E74-40BD-A324-BA95533198C5}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{BC333930-A9AF-49D0-A83E-2C2742ECFF0D}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [{9F4BACB4-31F5-4BDD-AB40-E061783A63F3}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{023467E8-0BE5-493D-951F-0A16E7051871}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{BEAC78F8-C134-4503-9252-B01C97131481}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{BFFEF07C-CCC5-428D-AD79-11D65B0705DF}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{BF833142-F10C-4382-8F9F-6468D3CB1EC9}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{209F9465-39F1-4052-B15A-2759127B2FF7}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe FirewallRules: [UDP Query User{C11AB735-3BE2-4B32-80F8-D1573EAD4BEE}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe FirewallRules: [TCP Query User{8B6AB8B4-2DD2-4A23-812E-90075C822B0B}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [UDP Query User{E783ECEB-C97F-4E59-9224-4325520ACC87}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [TCP Query User{EE642530-844E-4700-AFD2-5F9CD6138942}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn 
client\ncpmon.exe FirewallRules: [UDP Query User{84443EAE-9CFF-4187-8ED0-28F3C4932916}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [{8DF8D55D-6B19-4635-925B-20BD592ED8AB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{D497B358-AEA8-4F9D-A1F1-43E755633DC6}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe FirewallRules: [{A35272B5-48D0-41DC-9894-B7FFC62AC937}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{1526B63F-04F3-4844-A008-2D5906E181C0}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{23BEB9F9-B2C2-42D5-88B2-ADF1AE7EA835}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{C27D7843-EE0C-415F-A5C9-F74870BFC3AA}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{958DE50F-8FB0-4C3E-A1E1-98C027654282}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2389A4C2-7698-4DDE-AA40-E60D568740F1}] => (Allow) LPort=2869 FirewallRules: [{93E9F9FE-1463-4036-833F-B0CC95280471}] => (Allow) LPort=1900 FirewallRules: [{15279C77-74B9-4698-988B-DB0505D25755}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{5106BB96-8F63-4A42-812A-DA53647C1540}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{DD9B30AD-D54A-4052-B884-831923B6B53D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7A81F545-EF43-4F8F-9509-CA2DAF1C51A2}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{BA80BEE1-CBFF-4AC8-88EA-DAFC800C6746}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{25A500DF-23D8-4850-9BDD-196B3F63225F}] => (Allow) C:\Program 
Files\Bonjour\mDNSResponder.exe FirewallRules: [{8B9E5812-CD6E-49C3-BF05-077CBA30F93C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe FirewallRules: [{9A25D5D8-E2BB-48E4-8935-000D41146CE3}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe FirewallRules: [TCP Query User{F5F3C801-FC7B-4422-A690-1000E33BEC35}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe FirewallRules: [UDP Query User{3B8D5BDD-2261-4379-A719-E659959D1625}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe FirewallRules: [{F5B755D7-55CD-41F7-90A6-96EF6B5F5E9B}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe FirewallRules: [{4238D6AA-03AB-43CB-8456-8CEE60CA706E}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe FirewallRules: [{A3C6D047-0852-4BDF-82AA-FF0699459619}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe FirewallRules: [{9EB85B0C-96E1-4E8E-B03B-CBE7356E9E05}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe FirewallRules: [{F902673F-689A-4576-9ECB-885FADA7EC37}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe FirewallRules: [{554E9F2F-A3ED-41A9-8E74-55DC7D9E827A}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe FirewallRules: [{AAA61FCC-BEFB-47E5-BD15-343E68EFA096}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{42485109-5CF5-4DD0-8321-080B68CE2948}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe StandardProfile\AuthorizedApplications: [C:\Program Files\uusee\UUSeePlayer.exe] => Enabled:UUPlayer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2015 04:26:33 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for 
"C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error: (05/20/2015 04:26:33 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. 
Error: (05/20/2015 04:26:29 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (05/20/2015 04:25:53 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (05/20/2015 04:25:47 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. 
The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (05/20/2015 04:23:10 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (05/20/2015 04:22:31 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. 
Error: (05/20/2015 04:22:26 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (05/20/2015 04:19:36 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (05/20/2015 04:19:08 PM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. 
The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. System errors: ============= Error: (05/20/2015 01:06:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 01:06:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:55:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:55:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:49:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:49:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/20/2015 00:46:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80070643Microsoft Security Essentials - 4.8.204.0 (KB3063822){1FA705FA-4023-4445-B2CA-A9B19F8A4C22}200 Microsoft Office Sessions: ========================= Error: (01/05/2013 10:34:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28971 seconds with 120 seconds of active time. This session ended with a crash. Error: (08/15/2012 06:18:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/02/2008 10:07:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/15/2007 08:42:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2015-05-20 19:14:56.194 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 19:14:55.436 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 19:14:54.663 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 19:14:53.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 19:14:52.918 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 19:14:52.074 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-20 19:14:51.283 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-05-20 19:14:50.480 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 07:31:20.309 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-14 07:31:19.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz Percentage of memory in use: 76% Total physical RAM: 2549.69 MB Available physical RAM: 590.39 MB Total Pagefile: 5320.18 MB Available Pagefile: 2516.61 MB Total Virtual: 2047.88 MB Available Virtual: 1914.49 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:141.61 GB) (Free:25.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3DE4A73D) Partition 1: (Not Active) - (Size=7.4 GB) - (Type=27) Partition 2: (Active) - (Size=141.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-20 21:35:13 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03 149,05GB Running: Gmer-19357.exe; Driver: C:\Users\Lexy\AppData\Local\Temp\kxldapob.sys ---- System - GMER 2.1 ---- SSDT 90D4754E ZwCreateSection SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x927E46E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x927E4800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x927E4010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x927E44D0] SSDT 90D47558 ZwRequestWaitReplyPort SSDT 90D47553 ZwSetContextThread SSDT 90D4755D ZwSetSecurityObject SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x927E4300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x927E43E0] SSDT 90D47562 ZwSystemDebugControl SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x927E4120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x927E4210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x927E45E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 836C67D8 4 Bytes [4E, 75, D4, 90] {DEC ESI; JNZ 0xffffffd7; NOP } .text ntkrnlpa.exe!KeSetEvent + 3BD 836C6980 8 Bytes [E0, 46, 7E, 92, 00, 48, 7E, ...] {LOOPNZ 0x48; JLE 0xffffff96; ADD [EAX+0x7e], CL; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 3F1 836C69B4 4 Bytes [10, 40, 7E, 92] {ADC [EAX+0x7e], AL; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 40D 836C69D0 4 Bytes [D0, 44, 7E, 92] {ROL BYTE [ESI+EDI*2-0x6e], 0x1} .text ntkrnlpa.exe!KeSetEvent + 539 836C6AFC 4 Bytes [58, 75, D4, 90] {POP EAX; JNZ 0xffffffd7; NOP } .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2716] kernel32.dll!SetUnhandledExceptionFilter 7534A9BD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[6300] kernel32.dll!SetUnhandledExceptionFilter 7534A9BD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- EOF - GMER 2.1 ---- |
20.05.2015, 22:01 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Hi and
__________________Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Please let me know when this is done or if any problems come up.
__________________ |
20.05.2015, 22:47 | #4 |
| Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Hello Cosinus, I have now deleted all the programs mentioned. I hope that all the problems are gone for now. Do you need anything else from me? Which free protection program would you recommend? Many thanks and best regards, Alexbk |
21.05.2015, 10:43 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Remove adware/junkware/toolbars. Step 1: Malwarebytes. Please download Malwarebytes Anti-Malware
(Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!) Step 2: adwCleaner. Please download AdwCleaner to your desktop.
Step 3: JRT - Junkware Removal Tool. Please shut down your protection software to avoid possible conflicts.
Step 4: Fresh log with FRST. Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
21.05.2015, 23:50 | #6 |
| Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Hello cosinus, I followed your advice as recommended. Here are the logs as requested. How should I proceed??? Code:
ATTFilter # AdwCleaner v4.205 - Logfile created 22/05/2015 at 00:09:16 # Updated 21/05/2015 by Xplode # Database : 2015-05-21.2 [Local] # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86) # Username : Lexy - LEXY-PC # Running from : C:\Users\Lexy\Downloads\AdwCleaner_4.205.exe # Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : Application Updater [#] Service Deleted : Yontoo Desktop Updater ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Uniblue Folder Deleted : C:\Program Files\ATDheNetTVApp.com Folder Deleted : C:\Program Files\MyPC Backup Folder Deleted : C:\Program Files\Uniblue Folder Deleted : C:\Program Files\Yontoo Folder Deleted : C:\Program Files\Common Files\Spigot Folder Deleted : C:\Users\Lexy\AppData\Local\iLivid Folder Deleted : C:\Users\Lexy\AppData\Local\OpenCandy Folder Deleted : C:\Users\Lexy\AppData\Local\PackageAware Folder Deleted : C:\Users\Lexy\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Lexy\AppData\Roaming\Babylon Folder Deleted : C:\Users\Lexy\AppData\Roaming\DSite Folder Deleted : C:\Users\Lexy\AppData\Roaming\Funmoods Folder Deleted : C:\Users\Lexy\AppData\Roaming\pdfforge Folder Deleted : C:\Users\Lexy\AppData\Roaming\Systweak Folder Deleted : C:\Users\Lexy\AppData\Roaming\Uniblue Folder Deleted : C:\Users\Lexy\AppData\Roaming\Yontoo Folder Deleted : C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\plugin@yontoo.com Folder Deleted : C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgnhgbflngpggpmpfdkhmhmfdophhepe Folder Deleted : C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd File Deleted : C:\END File Deleted : C:\Users\Lexy\AppData\Roaming\AVSDVDPlayer.m3u File Deleted : C:\Program Files\Mozilla Firefox\components\AskSearch.js File Deleted : 
C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\invalidprefs.js File Deleted : C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\user.js File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js File Deleted : C:\Users\Lexy\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.softonic.de_0.localstorage File Deleted : C:\Users\Lexy\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.softonic.de_0.localstorage-journal ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\driverscanner Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings Key Deleted : HKCU\Software\9e8fd8bd38ed13 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} Value Deleted : HKCU\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{539F31C0-3B74-40B9-A47D-9655DDEBB7EC} Key Deleted : HKCU\Software\BABSOLUTION Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\qtrax Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\vShare.tv Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\IObit Apps Key Deleted : HKCU\Software\AppDataLow\Software\YTKaraoke Key Deleted : HKCU\Software\AppDataLow\Software\IObit Apps Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Key Deleted : HKLM\SOFTWARE\eRightSoft\OpenCandy Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\Tarma Installer Key Deleted : HKLM\SOFTWARE\Uniblue Key Deleted : HKLM\SOFTWARE\IObit Apps Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search Key Deleted : HKU\.DEFAULT\Software\vShare.tv Key Deleted : HKU\.DEFAULT\Software\IObit Apps Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\loadtbs-3.0 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16644 -\\ Mozilla Firefox v38.0.1 (x86 de) [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "nv2"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cntry", "DE"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cv", "cv5"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltlng", "en"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltsrch", true); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true); 
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hdrMd5", "A3E32C601D918AEDC10978A82B56D232"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv2&cd=2XzuyEtN2Y1L1QzutDtBtDtD0ByEzzyDzztA0F0CzyyEtC0BtN0D0Tzu0CyEyCyDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1258449019[...] [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hrdid", "0200B48583FC941B"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "0200B48583FC941B"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlday", "15804"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlref", ""); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", "false"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.keywordurl", ""); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.monitorreport", true); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newtab", "false"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newtaburl", 
"hxxp://searchfunmoods.com/?f=2&a=nv2&cd=2XzuyEtN2Y1L1QzutDtBtDtD0ByEzzyDzztA0F0CzyyEtC0BtN0D0Tzu0CyEyCyDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=12584490[...] [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"252\",\"lastVrsn\":\"252\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.sg", "none"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.smplgrp", "free"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srch", ""); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Funmoods"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrid", "base"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=nv2&cd=2XzuyEtN2Y1L1QzutDtBtDtD0ByEzzyDzztA0F0CzyyEtC0BtN0D0Tzu0CyEyCyDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=125844[...] 
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.8.11.0"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.8.11.0"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsnts", ""); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "9-3-2013"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.hmpg", true); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", false); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.021:31:7"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); [xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extentions.y2layers.installId", "3d326580-6768-4b9e-a190-63ce44f8ee32"); -\\ Google Chrome v -\\ Opera v29.0.1795.60 ************************* AdwCleaner[R0].txt - [14111 bytes] - [22/05/2015 00:05:13] AdwCleaner[S0].txt - [14730 bytes] - [22/05/2015 00:09:16] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14790 bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.05.2015 Suchlauf-Zeit: 23:04:09 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.21.03 Rootkit Datenbank: v2015.05.16.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Lexy Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 390043 Verstrichene Zeit: 51 Min, 43 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.7.6 (05.21.2015:1) OS: Windows Vista (TM) Home Premium x86 Ran by Lexy on 22.05.2015 at 0:38:16,11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Users\Lexy\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Lexy\appdata\local\{6C36B345-85D2-439C-B66E-260A225967C5} Successfully deleted: [Empty Folder] C:\Users\Lexy\appdata\local\{E185B054-FF46-4788-A670-7C7072AEEE8F} ~~~ FireFox Successfully deleted the following from C:\Users\Lexy\AppData\Roaming\mozilla\firefox\profiles\xft0vk8n.default-1363947649468\prefs.js user_pref(extensions.delta.admin, false); user_pref(extensions.delta.aflt, babsst); user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}); user_pref(extensions.delta.autoRvrt, false); user_pref(extensions.delta.bbDpng, 26); user_pref(extensions.delta.cntry, DE); user_pref(extensions.delta.dfltLng, de); user_pref(extensions.delta.excTlbr, false); user_pref(extensions.delta.ffxUnstlRst, true); user_pref(extensions.delta.hdrMd5, 6B3B346821B9C75694BFB3B4A352212D); user_pref(extensions.delta.id, b8a1941b0000000000000200b48583fc); user_pref(extensions.delta.instlDay, 15973); user_pref(extensions.delta.instlRef, sst); user_pref(extensions.delta.lastVrsnTs, 1.8.24.615:03:24); user_pref(extensions.delta.newTab, false); user_pref(extensions.delta.prdct, delta); user_pref(extensions.delta.prtnrId, delta); user_pref(extensions.delta.rvrt, false); user_pref(extensions.delta.sg, er); user_pref(extensions.delta.smplGrp, none); user_pref(extensions.delta.tlbrId, base); user_pref(extensions.delta.tlbrSrchUrl, ); user_pref(extensions.delta.vrsn, 1.8.24.6); user_pref(extensions.delta.vrsnTs, 1.8.24.615:03:24); 
user_pref(extensions.delta.vrsni, 1.8.24.6); user_pref(extensions.delta_i.babExt, ); user_pref(extensions.delta_i.babTrack, affID=119357&tt=240913_246&tsp=5016); user_pref(extensions.delta_i.srcExt, ss); Emptied folder: C:\Users\Lexy\AppData\Roaming\mozilla\firefox\profiles\xft0vk8n.default-1363947649468\minidumps [190 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.05.2015 at 0:42:04,56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015 Ran by Lexy (administrator) on LEXY-PC on 22-05-2015 00:44:57 Running from C:\Users\Lexy\Desktop Loaded Profiles: Lexy (Available profiles: Lexy) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE () C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-11-13] (NCP engineering GmbH) HKLM-x32\...\Run: [NcpPopup] => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH) HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters). HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-02] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll [2007-07-25] (Sony Corporation) HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {11b66750-b5e2-11de-9df8-001bfb57dcd1} - explorer .\Start.htm HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {39296a35-1998-11e1-b200-001e101f1838} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {858936fd-2a7a-11e1-9f04-001a804a3ef4} - F:\LaunchU3.exe -a HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {8bdb5a25-1eb6-11dd-a0f9-001bfb57dcd1} - G:\InstallTomTomHOME.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147ad3-cb2b-11e0-a807-001a804a3ef4} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147b0c-cb2b-11e0-a807-001e101f82a0} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {f83f8188-d23d-11e0-9eab-001e101f4da1} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" HKU\S-1-5-18\...\Run: [Skype] => C:\Program 
Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-23] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0E8310AC-7BDC-4C45-8159-319CC44B4E9A} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: 
HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {559EBC72-CCE9-42AE-8E31-119F867AC22D} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {5AFA46B7-57B8-4318-BC64-44C5A7F12DDE} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-21] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-21] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-12] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468 FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll [2008-11-26] (INNOVA-engineering GmbH Dresden) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2010-04-26] () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-27] (Google) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-02] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-15] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3626444559-52657498-4274862289-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lexy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-06-02] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-02] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-20]
FF Extension: Ghostery - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\firefox@ghostery.com.xpi [2015-05-15]
FF Extension: NoScript - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-02]

Chrome:
=======
CHR Profile: C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH)
S2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [1400584 2014-02-28] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-15] (mquadr.at softwareengineering und consulting gmbh)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed]
S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-25] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-11] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [File not signed]
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [File not signed]
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-12-15] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-07-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-02-25] () [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 00:44 - 2015-05-22 00:44 - 00000000 ____D () C:\Users\Lexy\Desktop\FRST-OlderVersion
2015-05-22 00:42 - 2015-05-22 00:42 - 00002586 _____ () C:\Users\Lexy\Desktop\JRT.txt
2015-05-22 00:39 - 2015-05-22 00:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEXY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-22 00:38 - 2015-05-22 00:38 - 00000000 ____D () C:\RegBackup
2015-05-22 00:36 - 2015-05-22 00:37 - 02720009 _____ (Thisisu) C:\Users\Lexy\Desktop\JRT.exe
2015-05-22 00:30 - 2015-05-22 00:30 - 00014871 _____ () C:\Users\Lexy\Desktop\AdwCleaner[S0].txt
2015-05-22 00:05 - 2015-05-22 00:23 - 00000000 ____D () C:\AdwCleaner
2015-05-22 00:00 - 2015-05-22 00:01 - 00001212 _____ () C:\Users\Lexy\Desktop\mbam.txt
2015-05-21 23:07 - 2015-05-21 23:07 - 02222592 _____ () C:\Users\Lexy\Downloads\AdwCleaner_4.205.exe
2015-05-21 22:57 - 2015-05-22 00:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 22:56 - 2015-05-21 22:56 - 00000915 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-21 22:56 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 22:56 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 22:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 22:37 - 2015-05-21 22:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(2).exe
2015-05-21 22:20 - 2015-05-21 22:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-21 22:14 - 2015-05-21 22:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 11:49 - 2015-05-21 11:49 - 00000000 ____D () C:\Program Files\ESET
2015-05-21 11:48 - 2015-05-21 11:48 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_deu.exe
2015-05-21 11:35 - 2015-05-21 11:35 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ___RD () C:\Program Files\Skype
2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-21 11:24 - 2015-05-21 11:19 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-21 11:23 - 2015-05-21 11:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-21 10:31 - 2015-05-21 10:33 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(2).exe
2015-05-21 10:27 - 2015-05-21 10:28 - 08343552 _____ () C:\Users\Lexy\Downloads\vec4_2.exe
2015-05-21 10:24 - 2015-05-21 10:25 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(1).exe
2015-05-21 10:23 - 2015-05-21 10:24 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040.exe
2015-05-21 07:28 - 2015-05-21 07:28 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-05-20 23:09 - 2015-05-20 23:09 - 00001075 _____ () C:\Users\Lexy\Desktop\Revo Uninstaller.lnk
2015-05-20 23:09 - 2015-05-20 23:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-20 23:08 - 2015-05-20 23:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lexy\Downloads\revosetup95.exe
2015-05-20 21:35 - 2015-05-20 21:35 - 00004664 _____ () C:\Users\Lexy\Desktop\Gmer.log
2015-05-20 20:43 - 2015-05-20 20:43 - 00000803 _____ () C:\Users\Lexy\Desktop\ESET online scanner.txt
2015-05-20 20:04 - 2015-05-20 20:04 - 00380416 _____ () C:\Users\Lexy\Desktop\Gmer-19357.exe
2015-05-20 19:16 - 2015-05-20 19:19 - 00075764 _____ () C:\Users\Lexy\Desktop\Addition.txt
2015-05-20 19:12 - 2015-05-22 00:44 - 00026282 _____ () C:\Users\Lexy\Desktop\FRST.txt
2015-05-20 19:11 - 2015-05-22 00:45 - 00000000 ____D () C:\FRST
2015-05-20 19:07 - 2015-05-20 19:08 - 00000470 _____ () C:\Users\Lexy\Desktop\defogger_disable.log
2015-05-20 19:07 - 2015-05-20 19:07 - 00000000 _____ () C:\Users\Lexy\defogger_reenable
2015-05-20 19:04 - 2015-05-20 19:04 - 00050477 _____ () C:\Users\Lexy\Desktop\Defogger.exe
2015-05-20 18:59 - 2015-05-22 00:44 - 01147392 _____ (Farbar) C:\Users\Lexy\Desktop\FRST.exe
2015-05-20 15:51 - 2015-05-20 15:51 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_enu.exe
2015-05-20 12:44 - 2015-05-21 10:33 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-20 12:43 - 2015-05-21 10:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-18 20:43 - 2015-05-18 20:43 - 01046430 _____ () C:\Users\Lexy\Downloads\STANDING.pdf.part
2015-05-18 00:21 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-18 00:21 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-18 00:21 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-18 00:21 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 00:21 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 23:27 - 2015-05-17 23:27 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 23:24 - 2015-05-17 23:25 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1(1).exe
2015-05-17 23:24 - 2015-05-17 23:24 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-17 19:52 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 19:52 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 19:52 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 19:52 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 19:52 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 19:52 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 19:52 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 19:52 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-17 19:52 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-17 19:51 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 19:07 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-17 19:06 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-17 19:04 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-17 19:04 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-17 19:02 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-17 19:00 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-17 19:00 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-17 19:00 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 19:00 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 18:58 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-17 18:56 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 18:56 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-17 18:56 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 18:56 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 18:47 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 18:46 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-17 18:46 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-17 18:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 18:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-17 18:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 18:45 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 18:45 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 18:45 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-17 18:31 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-17 18:30 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-17 18:30 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-17 18:26 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 18:19 - 2015-05-17 18:21 - 00000000 ____D () C:\Users\Lexy\AppData\Local\PDFCreator
2015-05-17 18:18 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-17 18:17 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-17 18:11 - 2015-05-17 18:11 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-17 18:10 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-16 10:28 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-16 10:28 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-16 10:27 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-16 10:24 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 10:19 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-16 10:15 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-16 10:14 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-15 18:05 - 2015-05-15 18:07 - 00000000 ____D () C:\Users\Lexy\Desktop\STICK
2015-05-14 07:29 - 2015-05-14 07:29 - 00000000 ____D () C:\Users\Lexy\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 00:43 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 00:43 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 00:39 - 2014-02-22 18:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 00:37 - 2012-03-02 22:04 - 01132409 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 00:29 - 2012-01-26 23:16 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-22 00:27 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 00:25 - 2014-04-09 23:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-22 00:25 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files\Opera
2015-05-22 00:25 - 2013-12-29 11:59 - 00513720 _____ () C:\Windows\PFRO.log
2015-05-22 00:24 - 2007-08-02 04:03 - 00003204 _____ () C:\Windows\bthservsdp.dat
2015-05-22 00:24 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-21 23:57 - 2014-01-11 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 22:18 - 2013-07-22 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 14:05 - 2013-12-15 11:33 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-05-21 11:35 - 2014-02-19 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-21 11:35 - 2007-12-04 00:38 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 11:30 - 2013-09-21 09:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-21 11:17 - 2007-08-02 04:48 - 00000000 ____D () C:\Program Files\Java
2015-05-21 10:56 - 2007-12-04 00:42 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Skype
2015-05-21 10:51 - 2009-02-01 22:21 - 00000000 ____D () C:\Update
2015-05-21 10:46 - 2014-03-20 21:18 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-21 10:42 - 2011-05-22 11:30 - 00000000 ____D () C:\Program Files\IObit
2015-05-21 10:33 - 2011-01-26 23:43 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-21 10:20 - 2014-04-14 23:31 - 00000000 _____ () C:\Windows\Model.log
2015-05-21 10:20 - 2009-02-01 22:27 - 00000023 _____ () C:\Windows\Model.txt
2015-05-21 07:28 - 2007-08-02 04:42 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-05-21 07:28 - 2007-08-02 04:40 - 00000000 ____D () C:\Program Files\Sony
2015-05-21 00:03 - 2008-01-04 21:51 - 00000000 ____D () C:\Program Files\Buhl finance
2015-05-21 00:03 - 2007-08-02 04:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-20 23:54 - 2012-12-21 00:21 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2015-05-20 23:50 - 2012-04-04 07:06 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi
2015-05-20 23:45 - 2009-12-12 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2015-05-20 19:07 - 2007-11-24 16:31 - 00000000 ____D () C:\Users\Lexy
2015-05-20 15:45 - 2014-01-27 23:15 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\QuickScan
2015-05-19 23:02 - 2012-07-17 20:24 - 00001752 ____H () C:\Users\Lexy\Documents\Default.rdp
2015-05-18 21:32 - 2014-02-22 18:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 21:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-18 20:10 - 2013-07-16 10:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 16:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-18 16:14 - 2006-11-02 12:33 - 00006798 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 16:06 - 2006-11-02 14:47 - 00442120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 16:03 - 2014-02-16 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-18 16:03 - 2013-03-21 23:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 23:27 - 2011-03-26 17:44 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 19:06 - 2007-10-10 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 18:12 - 2012-10-14 20:20 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-17 17:57 - 2011-06-16 19:53 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-16 10:21 - 2010-06-07 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 10:20 - 2008-06-01 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 18:57 - 2012-05-17 08:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-15 18:57 - 2011-08-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2011-08-02 18:27 - 2011-07-14 10:31 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi 2012-07-11 22:12 - 2012-07-11 22:15 - 0002415 _____ () C:\Users\Lexy\AppData\Roaming\hamster_installer_log.txt 2008-10-04 13:13 - 2011-06-12 21:19 - 0027657 _____ () C:\Users\Lexy\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2008-12-29 20:38 - 2011-04-11 22:20 - 0009521 _____ () C:\Users\Lexy\AppData\Roaming\mdbu.bin 2009-10-04 12:02 - 2009-10-04 12:02 - 0000760 _____ () C:\Users\Lexy\AppData\Roaming\setup_ldm.iss 2014-06-19 08:11 - 2014-06-19 08:11 - 0000024 _____ () C:\Users\Lexy\AppData\Roaming\temp.ini 2012-01-26 23:34 - 2012-01-26 23:34 - 0020289 _____ () C:\Users\Lexy\AppData\Roaming\UserTile.png 2007-11-25 02:26 - 2007-12-05 21:36 - 0000572 _____ () C:\Users\Lexy\AppData\Roaming\wklnhst.dat 2010-11-20 22:11 - 2012-06-11 01:14 - 0001188 _____ () C:\Users\Lexy\AppData\Local\crc32list11.txt 2007-12-04 00:39 - 2007-12-04 00:39 - 0000552 _____ () C:\Users\Lexy\AppData\Local\d3d8caps.dat 2008-02-22 20:02 - 2012-03-02 23:32 - 0001356 _____ () C:\Users\Lexy\AppData\Local\d3d9caps.dat 2007-11-24 16:39 - 2014-02-08 11:33 - 0154624 _____ () C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-11 22:15 - 2012-07-11 22:15 - 0000393 _____ () C:\Users\Lexy\AppData\Local\HamsterVideoConverterSettings.cfg 2009-03-10 22:38 - 2009-04-15 09:29 - 0000089 _____ () C:\Users\Lexy\AppData\Local\qeymg.bat 2009-04-07 17:08 - 2009-04-10 08:44 - 0313413 _____ () C:\Users\Lexy\AppData\Local\ywwamqw_nav.dat 2014-01-27 23:49 - 2014-01-27 23:49 - 0764668 _____ () C:\ProgramData\1390858327.bdinstall.bin 2014-03-22 21:47 - 2014-03-22 21:47 - 0092109 _____ () C:\ProgramData\1395517664.bdinstall.bin 2014-03-22 21:50 - 2014-03-22 21:50 - 0250923 _____ () C:\ProgramData\1395517667.bdinstall.bin 2007-12-05 21:11 - 2007-12-05 21:11 - 0000032 _____ () C:\ProgramData\ezsid.dat 2008-06-01 14:36 - 2008-06-01 14:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 
2009-11-01 14:35 - 2011-05-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt 2007-10-10 05:18 - 2007-10-10 05:19 - 1132112 _____ () C:\ProgramData\pswi_preloaded.exe Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\ProgramData\pswi_preloaded.exe Some files in TEMP: ==================== C:\Users\Lexy\AppData\Local\Temp\DivXSetup.exe C:\Users\Lexy\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Lexy\AppData\Local\Temp\GLF20FD.EXE C:\Users\Lexy\AppData\Local\Temp\GLF3105.EXE C:\Users\Lexy\AppData\Local\Temp\GLF3A3F.EXE C:\Users\Lexy\AppData\Local\Temp\GLF4AE.EXE C:\Users\Lexy\AppData\Local\Temp\GLF5263.EXE C:\Users\Lexy\AppData\Local\Temp\GLF5EED.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6219.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6756.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6802.EXE C:\Users\Lexy\AppData\Local\Temp\GLF6FA0.EXE C:\Users\Lexy\AppData\Local\Temp\GLF7A24.EXE C:\Users\Lexy\AppData\Local\Temp\GLF878C.EXE C:\Users\Lexy\AppData\Local\Temp\GLF8801.EXE C:\Users\Lexy\AppData\Local\Temp\GLF936A.EXE C:\Users\Lexy\AppData\Local\Temp\GLF9BC8.EXE C:\Users\Lexy\AppData\Local\Temp\GLFA9D3.EXE C:\Users\Lexy\AppData\Local\Temp\GLFD436.EXE C:\Users\Lexy\AppData\Local\Temp\GLFE24B.EXE C:\Users\Lexy\AppData\Local\Temp\GLFE8BE.EXE C:\Users\Lexy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Lexy\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\Lexy\AppData\Local\Temp\lowproc.exe C:\Users\Lexy\AppData\Local\Temp\promote-upx.exe C:\Users\Lexy\AppData\Local\Temp\Quarantine.exe C:\Users\Lexy\AppData\Local\Temp\SHSetup.exe C:\Users\Lexy\AppData\Local\Temp\SkypeSetup.exe C:\Users\Lexy\AppData\Local\Temp\sqlite3.dll C:\Users\Lexy\AppData\Local\Temp\stubhelper.dll C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\Lexy\AppData\Local\Temp\_is6F6D.exe C:\Users\Lexy\AppData\Local\Temp\_is98DD.exe C:\Users\Lexy\AppData\Local\Temp\_isA466.exe ==================== Bamital 
& volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-22 00:32 ==================== End of log ============================ |
22.05.2015, 10:01 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.
__________________ Please always post log files in CODE tags |
22.05.2015, 11:26 | #8 |
| Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A frst Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015 Ran by Lexy (administrator) on LEXY-PC on 22-05-2015 11:08:35 Running from C:\Users\Lexy\Desktop Loaded Profiles: Lexy (Available profiles: Lexy) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (RealNetworks, Inc.) 
C:\Program Files\Real\RealPlayer\Update\realsched.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe (NCP Engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe () C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (SigmaTel, Inc.) C:\Windows\System32\stacsv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Expert System S.p.A.) C:\Program Files\Duden\Duden Korrektor\DKCore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-11-13] (NCP engineering GmbH) HKLM-x32\...\Run: [NcpPopup] => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH) HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters). HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-02] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll [2007-07-25] (Sony Corporation) HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {11b66750-b5e2-11de-9df8-001bfb57dcd1} - explorer .\Start.htm HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {39296a35-1998-11e1-b200-001e101f1838} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {858936fd-2a7a-11e1-9f04-001a804a3ef4} - F:\LaunchU3.exe -a HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {8bdb5a25-1eb6-11dd-a0f9-001bfb57dcd1} - G:\InstallTomTomHOME.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147ad3-cb2b-11e0-a807-001a804a3ef4} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147b0c-cb2b-11e0-a807-001e101f82a0} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {f83f8188-d23d-11e0-9eab-001e101f4da1} - F:\AutoRun.exe HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" HKU\S-1-5-18\...\Run: [Skype] => C:\Program 
Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-23] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0E8310AC-7BDC-4C45-8159-319CC44B4E9A} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: 
HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {559EBC72-CCE9-42AE-8E31-119F867AC22D} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {5AFA46B7-57B8-4318-BC64-44C5A7F12DDE} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-21] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-21] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-12] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468 FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll [2008-11-26] (INNOVA-engineering GmbH Dresden) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2010-04-26] () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-27] (Google) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-02] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-15] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-02] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3626444559-52657498-4274862289-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lexy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online) FF Extension: Bitdefender QuickScan - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-20] FF Extension: Ghostery - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\firefox@ghostery.com.xpi [2015-05-15] FF Extension: NoScript - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-15] FF Extension: Adblock Plus - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-15] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-02] Chrome: ======= CHR Profile: C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-27] CHR 
HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG) S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.) 
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH) R2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [1400584 2014-02-28] (NCP Engineering GmbH) R2 NcpSec; C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-15] (mquadr.at softwareengineering und consulting gmbh) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed] R2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.) S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.) 
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed] S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-25] (Sony Corporation) S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-11] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed] S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment 
Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [File not signed] R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed] R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-12-15] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH) R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-07-04] (Sonic Solutions) R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed] S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) [File not signed] R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH) R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia) S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-02-25] () [File not signed] R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.) 
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments) S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 ivusb; system32\DRIVERS\ivusb.sys [X] S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X] S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] U5 usbser; C:\Windows\System32\Drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-22 10:31 - 2015-05-22 10:31 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-22 10:31 - 2015-05-22 10:31 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-05-22 10:31 - 2015-05-22 10:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-22 10:14 - 2015-05-22 10:14 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1 (1).exe 2015-05-22 00:44 - 2015-05-22 00:44 - 00000000 ____D () C:\Users\Lexy\Desktop\FRST-OlderVersion 2015-05-22 00:42 - 2015-05-22 00:42 - 00002586 _____ () C:\Users\Lexy\Desktop\JRT.txt 2015-05-22 00:39 - 2015-05-22 00:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEXY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat 2015-05-22 00:38 - 2015-05-22 00:38 - 00000000 ____D () C:\RegBackup 2015-05-22 00:36 - 2015-05-22 00:37 - 02720009 _____ (Thisisu) C:\Users\Lexy\Desktop\JRT.exe 2015-05-22 00:30 - 2015-05-22 00:30 - 00014871 _____ () C:\Users\Lexy\Desktop\AdwCleaner[S0].txt 2015-05-22 00:05 - 2015-05-22 00:23 - 00000000 ____D () C:\AdwCleaner 2015-05-22 00:00 - 2015-05-22 00:01 - 00001212 _____ () C:\Users\Lexy\Desktop\mbam.txt 2015-05-21 23:07 - 2015-05-21 23:07 - 02222592 _____ () C:\Users\Lexy\Downloads\AdwCleaner_4.205.exe 2015-05-21 22:57 - 2015-05-22 10:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-21 22:56 - 2015-05-21 22:56 - 00000915 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-05-21 22:56 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-21 22:56 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2015-05-21 22:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-21 22:37 - 2015-05-21 22:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(2).exe 2015-05-21 22:20 - 2015-05-21 22:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(1).exe 2015-05-21 22:14 - 2015-05-21 22:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-21 11:49 - 2015-05-21 11:49 - 00000000 ____D () C:\Program Files\ESET 2015-05-21 11:48 - 2015-05-21 11:48 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_deu.exe 2015-05-21 11:35 - 2015-05-21 11:35 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ___RD () C:\Program Files\Skype 2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-05-21 11:24 - 2015-05-21 11:19 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-05-21 11:23 - 2015-05-21 11:23 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-05-21 10:31 - 2015-05-21 10:33 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(2).exe 2015-05-21 10:27 - 2015-05-21 10:28 - 08343552 _____ () C:\Users\Lexy\Downloads\vec4_2.exe 2015-05-21 10:24 - 2015-05-21 10:25 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(1).exe 2015-05-21 10:23 - 2015-05-21 10:24 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040.exe 2015-05-21 07:28 - 2015-05-21 07:28 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2015-05-20 23:09 - 2015-05-20 23:09 - 00001075 _____ () C:\Users\Lexy\Desktop\Revo Uninstaller.lnk 2015-05-20 23:09 - 2015-05-20 23:09 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-05-20 23:08 - 
2015-05-20 23:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lexy\Downloads\revosetup95.exe 2015-05-20 21:35 - 2015-05-20 21:35 - 00004664 _____ () C:\Users\Lexy\Desktop\Gmer.log 2015-05-20 20:43 - 2015-05-20 20:43 - 00000803 _____ () C:\Users\Lexy\Desktop\ESET online scanner.txt 2015-05-20 20:04 - 2015-05-20 20:04 - 00380416 _____ () C:\Users\Lexy\Desktop\Gmer-19357.exe 2015-05-20 19:16 - 2015-05-20 19:19 - 00075764 _____ () C:\Users\Lexy\Desktop\Addition.txt 2015-05-20 19:12 - 2015-05-22 11:08 - 00027160 _____ () C:\Users\Lexy\Desktop\FRST.txt 2015-05-20 19:11 - 2015-05-22 11:08 - 00000000 ____D () C:\FRST 2015-05-20 19:07 - 2015-05-20 19:08 - 00000470 _____ () C:\Users\Lexy\Desktop\defogger_disable.log 2015-05-20 19:07 - 2015-05-20 19:07 - 00000000 _____ () C:\Users\Lexy\defogger_reenable 2015-05-20 19:04 - 2015-05-20 19:04 - 00050477 _____ () C:\Users\Lexy\Desktop\Defogger.exe 2015-05-20 18:59 - 2015-05-22 00:44 - 01147392 _____ (Farbar) C:\Users\Lexy\Desktop\FRST.exe 2015-05-20 15:51 - 2015-05-20 15:51 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_enu.exe 2015-05-20 12:44 - 2015-05-21 10:33 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-20 12:43 - 2015-05-21 10:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-18 20:43 - 2015-05-18 20:43 - 01046430 _____ () C:\Users\Lexy\Downloads\STANDING.pdf.part 2015-05-18 00:21 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-18 00:21 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-18 00:21 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-18 00:21 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-18 00:21 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 
2015-05-18 00:21 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-18 00:21 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-18 00:21 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-18 00:21 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-18 00:21 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-17 23:24 - 2015-05-17 23:25 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1(1).exe 2015-05-17 23:24 - 2015-05-17 23:24 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1.exe 2015-05-17 19:52 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-17 19:52 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-17 19:52 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-17 19:52 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-17 19:52 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-17 19:52 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-17 19:52 - 2015-04-10 
17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-05-17 19:52 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-17 19:52 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-17 19:52 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-05-17 19:52 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-05-17 19:52 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-05-17 19:51 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-17 19:07 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-05-17 19:06 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-05-17 19:04 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-05-17 19:04 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-05-17 19:02 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-05-17 19:02 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2015-05-17 19:02 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2015-05-17 19:00 - 2014-12-19 02:25 - 00115200 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-05-17 19:00 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2015-05-17 19:00 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-17 19:00 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-17 18:58 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-05-17 18:56 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-17 18:56 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-17 18:56 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-17 18:56 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-17 18:47 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-17 18:46 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-17 18:46 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-17 18:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-17 18:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-05-17 18:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-17 18:45 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-17 18:45 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-17 18:45 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2015-05-17 18:31 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) 
C:\Windows\system32\oleaut32.dll 2015-05-17 18:30 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-05-17 18:30 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-05-17 18:26 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-17 18:19 - 2015-05-17 18:21 - 00000000 ____D () C:\Users\Lexy\AppData\Local\PDFCreator 2015-05-17 18:18 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-05-17 18:17 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2015-05-17 18:11 - 2015-05-17 18:11 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-05-17 18:10 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-05-16 10:28 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-05-16 10:28 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-05-16 10:28 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-05-16 10:28 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-05-16 10:28 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-05-16 10:27 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-05-16 10:27 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-05-16 10:27 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-05-16 10:24 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 
2015-05-16 10:19 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2015-05-16 10:15 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-05-16 10:14 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-05-15 18:05 - 2015-05-15 18:07 - 00000000 ____D () C:\Users\Lexy\Desktop\STICK 2015-05-14 07:29 - 2015-05-14 07:29 - 00000000 ____D () C:\Users\Lexy\AppData\Local\Avg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-22 10:57 - 2014-01-11 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-22 10:32 - 2014-02-16 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-22 10:27 - 2007-12-04 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-22 10:14 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files\Opera 2015-05-22 10:12 - 2012-03-02 22:04 - 01289324 _____ () C:\Windows\WindowsUpdate.log 2015-05-22 10:10 - 2012-01-26 23:16 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-05-22 10:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-22 10:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-22 10:07 - 2014-02-22 18:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-22 10:07 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-22 01:28 - 2007-08-02 04:03 - 00003204 _____ () C:\Windows\bthservsdp.dat 2015-05-22 01:28 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-22 01:27 - 2014-01-27 23:15 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\QuickScan 2015-05-22 00:25 - 2014-04-09 23:33 - 00000000 
____D () C:\ProgramData\MFAData 2015-05-22 00:25 - 2013-12-29 11:59 - 00513720 _____ () C:\Windows\PFRO.log 2015-05-21 22:18 - 2013-07-22 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-21 14:05 - 2013-12-15 11:33 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-05-21 11:35 - 2014-02-19 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-21 11:35 - 2007-12-04 00:38 - 00000000 ____D () C:\ProgramData\Skype 2015-05-21 11:30 - 2013-09-21 09:51 - 00000000 ____D () C:\ProgramData\Oracle 2015-05-21 11:17 - 2007-08-02 04:48 - 00000000 ____D () C:\Program Files\Java 2015-05-21 10:56 - 2007-12-04 00:42 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Skype 2015-05-21 10:51 - 2009-02-01 22:21 - 00000000 ____D () C:\Update 2015-05-21 10:46 - 2014-03-20 21:18 - 00000000 ____D () C:\ProgramData\ProductData 2015-05-21 10:42 - 2011-05-22 11:30 - 00000000 ____D () C:\Program Files\IObit 2015-05-21 10:33 - 2011-01-26 23:43 - 00002155 _____ () C:\Windows\epplauncher.mif 2015-05-21 10:20 - 2014-04-14 23:31 - 00000000 _____ () C:\Windows\Model.log 2015-05-21 10:20 - 2009-02-01 22:27 - 00000023 _____ () C:\Windows\Model.txt 2015-05-21 07:28 - 2007-08-02 04:42 - 00000000 ____D () C:\ProgramData\Sony Corporation 2015-05-21 07:28 - 2007-08-02 04:40 - 00000000 ____D () C:\Program Files\Sony 2015-05-21 00:03 - 2008-01-04 21:51 - 00000000 ____D () C:\Program Files\Buhl finance 2015-05-21 00:03 - 2007-08-02 04:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-05-20 23:54 - 2012-12-21 00:21 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync 2015-05-20 23:50 - 2012-04-04 07:06 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi 2015-05-20 23:45 - 2009-12-12 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility 2015-05-20 19:07 - 2007-11-24 16:31 - 00000000 ____D () C:\Users\Lexy 2015-05-19 23:02 
- 2012-07-17 20:24 - 00001752 ____H () C:\Users\Lexy\Documents\Default.rdp 2015-05-18 21:32 - 2014-02-22 18:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-18 21:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-05-18 20:10 - 2013-07-16 10:40 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-18 16:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2015-05-18 16:14 - 2006-11-02 12:33 - 00006798 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-18 16:06 - 2006-11-02 14:47 - 00442120 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-17 19:06 - 2007-10-10 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-17 18:12 - 2012-10-14 20:20 - 00000000 ____D () C:\Program Files\PDFCreator 2015-05-17 17:57 - 2011-06-16 19:53 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-16 10:21 - 2010-06-07 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-16 10:20 - 2008-06-01 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-15 18:57 - 2012-05-17 08:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-15 18:57 - 2011-08-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Files in the root of some directories ======= 2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe 2011-08-02 18:27 - 2011-07-14 10:31 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi 2012-07-11 22:12 - 2012-07-11 22:15 - 0002415 _____ () 
C:\Users\Lexy\AppData\Roaming\hamster_installer_log.txt 2008-10-04 13:13 - 2011-06-12 21:19 - 0027657 _____ () C:\Users\Lexy\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2008-12-29 20:38 - 2011-04-11 22:20 - 0009521 _____ () C:\Users\Lexy\AppData\Roaming\mdbu.bin 2009-10-04 12:02 - 2009-10-04 12:02 - 0000760 _____ () C:\Users\Lexy\AppData\Roaming\setup_ldm.iss 2014-06-19 08:11 - 2014-06-19 08:11 - 0000024 _____ () C:\Users\Lexy\AppData\Roaming\temp.ini 2012-01-26 23:34 - 2012-01-26 23:34 - 0020289 _____ () C:\Users\Lexy\AppData\Roaming\UserTile.png 2007-11-25 02:26 - 2007-12-05 21:36 - 0000572 _____ () C:\Users\Lexy\AppData\Roaming\wklnhst.dat 2010-11-20 22:11 - 2012-06-11 01:14 - 0001188 _____ () C:\Users\Lexy\AppData\Local\crc32list11.txt 2007-12-04 00:39 - 2007-12-04 00:39 - 0000552 _____ () C:\Users\Lexy\AppData\Local\d3d8caps.dat 2008-02-22 20:02 - 2012-03-02 23:32 - 0001356 _____ () C:\Users\Lexy\AppData\Local\d3d9caps.dat 2007-11-24 16:39 - 2014-02-08 11:33 - 0154624 _____ () C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-11 22:15 - 2012-07-11 22:15 - 0000393 _____ () C:\Users\Lexy\AppData\Local\HamsterVideoConverterSettings.cfg 2009-03-10 22:38 - 2009-04-15 09:29 - 0000089 _____ () C:\Users\Lexy\AppData\Local\qeymg.bat 2009-04-07 17:08 - 2009-04-10 08:44 - 0313413 _____ () C:\Users\Lexy\AppData\Local\ywwamqw_nav.dat 2014-01-27 23:49 - 2014-01-27 23:49 - 0764668 _____ () C:\ProgramData\1390858327.bdinstall.bin 2014-03-22 21:47 - 2014-03-22 21:47 - 0092109 _____ () C:\ProgramData\1395517664.bdinstall.bin 2014-03-22 21:50 - 2014-03-22 21:50 - 0250923 _____ () C:\ProgramData\1395517667.bdinstall.bin 2007-12-05 21:11 - 2007-12-05 21:11 - 0000032 _____ () C:\ProgramData\ezsid.dat 2008-06-01 14:36 - 2008-06-01 14:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-11-01 14:35 - 2011-05-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt 2007-10-10 05:18 - 2007-10-10 05:19 - 1132112 _____ () 
C:\ProgramData\pswi_preloaded.exe

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe

Some files in TEMP:
====================
C:\Users\Lexy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Lexy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lexy\AppData\Local\Temp\GLF20FD.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3105.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3A3F.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF4AE.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5263.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5EED.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6219.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6756.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6802.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6FA0.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF7A24.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF878C.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF8801.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF936A.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF9BC8.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFA9D3.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFD436.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE24B.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE8BE.EXE
C:\Users\Lexy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lexy\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Lexy\AppData\Local\Temp\lowproc.exe
C:\Users\Lexy\AppData\Local\Temp\promote-upx.exe
C:\Users\Lexy\AppData\Local\Temp\Quarantine.exe
C:\Users\Lexy\AppData\Local\Temp\SHSetup.exe
C:\Users\Lexy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lexy\AppData\Local\Temp\sqlite3.dll
C:\Users\Lexy\AppData\Local\Temp\stubhelper.dll
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Lexy\AppData\Local\Temp\_is6F6D.exe
C:\Users\Lexy\AppData\Local\Temp\_is98DD.exe
C:\Users\Lexy\AppData\Local\Temp\_isA466.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-22 10:15

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Lexy at 2015-05-22 11:10:35
Running from C:\Users\Lexy\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3626444559-52657498-4274862289-500 - Administrator - Disabled)
Guest (S-1-5-21-3626444559-52657498-4274862289-501 - Limited - Disabled)
Lexy (S-1-5-21-3626444559-52657498-4274862289-1002 - Administrator - Enabled) => C:\Users\Lexy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: LANCOM Advanced VPN Client (Disabled) {BEB21647-135A-7893-42A0-BBC3960C218D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoPlus (HKLM\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 10.00.0119 - INNOVA-engineering GmbH) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - ) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) ArcSoft Magic-i Visual Effects Installer (HKLM\...\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}) (Version: - ArcSoft) AVS DVD Player version 2.4 (HKLM\...\AVS DVD Player_is1) (Version: - Online Media Technologies Ltd.) Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
CadStd (HKLM\...\CadStd) (Version: 3.7.4 - Apperson & Daughters) CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - ) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix) Click to DVD 2.0.05 Menu Data (HKLM\...\{9E407618-D9CD-4F39-9490-9ED45294073D}) (Version: 2.0.05 - Sony Corporation) Click to DVD 2.6.00 (HKLM\...\{E809063C-51A3-4269-8984-D1EB742F2151}) (Version: 2.6.00 - Sony Corporation) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC) DSD Direct (HKLM\...\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}) (Version: 2.0.01 - Sony Corporation) DSD Playback Plug-in (HKLM\...\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}) (Version: 1.1 - Sony Corporation) DSL Connection Manager (Version: 2.0.0.17 - Telefónica o2 Germany GmbH & Co. OHG) Hidden Duden Korrektor PLUS (HKLM\...\InstallShield_{541E5E15-7186-4395-9593-16D02765FF27}) (Version: 5.00.1507.00 - Duden) Duden Korrektor PLUS (Version: 5.00.1507.00 - Duden) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Falk Navi-Manager (Version: 2.1.0.0 - Falk Marcopolo Interactive GmbH) Hidden Falk Navi-Manager (Version: 2.7.0 - Falk Navigation GmbH) Hidden Favorit (HKLM\...\qeymg) (Version: - ) GearDrvs (Version: 1 - Symantec Corporation) Hidden Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) 
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version: - )
GuG - Grundstücksmarkt und Grundstückswert (HKLM\...\{B4ACF448-765F-45B0-9C2A-05E426600A4C}) (Version: 1.0 - Wolters Kluwer Deutschland Information Services GmbH)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
Instant Mode (HKLM\...\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}) (Version: 1.0.2 - InterVideo)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JiveX DICOM Viewer Light 4.4.2 (HKLM\...\JiveX DICOM Viewer Light 4.4.2) (Version: - VISUS Technology Transfer GmbH)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LANCOM Advanced VPN Client (HKLM\...\NCP RWS/GA) (Version: 2.32 Build 218 - LANCOM Systems GmbH)
LocationFree Player (HKLM\...\{D937DD80-3928-4617-876F-538A25AECB17}) (Version: 3.02.0000 - Sony Corporation)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
OpenMG Limited Patch 4.7-07-15-19-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version: - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PDF Blender (HKLM\...\PDF Blender) (Version: - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Regel 7.0 Standard Demo (HKLM\...\Regel 7.0 Standard Demo) (Version: 7.01 - HPW-Software)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (HKLM\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Samples Installer (HKLM\...\{7AC15160-A49B-4A89-B181-D4619C025FFF}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.0.00.07240 - Sony Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.3 - Sony Corporation)
SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.4 - Sony Corporation)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.11.14260 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.2.00 - Sony Corporation)
Sublight (HKLM\...\Sublight_is1) (Version: 4.0.0 - Sublight Labs)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TVUPlayer 2.5.2.2 (HKLM\...\TVUPlayer) (Version: 2.5.2.2 - TVU networks)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 (HKLM\...\UUSEE(ÓÆÊÓÍøÂçµçÊÓ)) (Version: 4.3.6.5 - UUSee company, Inc.)
VAIO Azure Float Wallpaper (HKLM\...\{0312BD0D-A1FE-4E1A-9208-D436F566D867}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Camera Capture Utility (HKLM\...\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}) (Version: 2.7.01.08030 - Sony Corporation)
VAIO Center Access Bar (HKLM\...\{C299F969-AE3D-4679-ADF5-682A186CE62E}) (Version: 1.00.0622 - Sony)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 1.0.00.07170 - Sony Corporation)
VAIO Content Importer VAIO Content Exporter (Version: 1.4.73.04270 - Sony Corporation) Hidden
VAIO Content Importer / VAIO Content Exporter (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.4.73.04270 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}) (Version: 3.1.00.03103 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.1.00.03103 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.1.00.07110 - Sony Corporation)
VAIO Entertainment Center (HKLM\...\{E74F7423-77CB-4F6A-A44D-604E1010FE50}) (Version: 2.00.0711 - Sony)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.0.00.06280 - Sony Corporation)
VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 3.2.00.07240 - Sony Corporation)
VAIO Floral Dusk Wallpaper (HKLM\...\{B59B3DA8-06F8-4B4C-AE94-5180753EF108}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Help And Support (HKLM\...\{7D716354-2C08-48DC-9AC5-957348048817}) (Version: 3.10.0724.FZVP - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 1.0.00.07090 - Sony Corporation)
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version: - )
VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version: - Sony Corporation)
VAIO Media Integrated Server 6.1 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version: - Sony Corporation)
VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.02.09240 - Sony Corporation)
VAIO Movie Story (Version: 1.0.00.18280 - Sony Corporation) Hidden
VAIO Movie Story 1.3 Upgrade (Version: 1.3.02.09240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 1.0.00.07090 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.0.00.07030 - Sony Corporation)
VAIO OOBE (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 3.00.0710 - Sony Corporation)
VAIO Original Function Settings (Version: 2.0.2.02240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM\...\{7C404084-C5A6-42FF-B731-0BAC79A6E134}) (Version: 2.0.2.02240 - Sony Corporation)
VAIO PC Wireless LAN Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.00.0716 - Sony)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.2.00.06130 - Sony Corporation)
VAIO Productivity Center (HKLM\...\{BABC878D-BB64-4688-9A88-1D9E88F339A9}) (Version: 2.00.0702 - Sony)
VAIO Security Center (HKLM\...\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}) (Version: 5.00.0716 - Sony Corporation)
VAIO Service Utility (HKLM\...\VAIO Service Utility) (Version: 1.1.1.3 - Sony)
VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 5.00.7207 - Sony)
VAIO Teal Whisper Wallpaper (HKLM\...\{235915A8-1C0D-4920-95EA-FE8B773E5F57}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
WIDCOMM Bluetooth Software 6.1.0.1203 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.1203 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.384 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.384 - InterVideo Inc.) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.00.18210 - Sony Corporation)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{16569F81-76A4-4339-8745-BE295A404D9B}\InprocServer32 -> C:\Users\Lexy\appdata\local\microsoft\Windows Sidebar\Gadgets\Video.Gadget\dll\AOLVideoGadgetHelper.dll (AOL)
CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

21-05-2015 16:02:39 Scheduled Checkpoint
21-05-2015 22:11:10 Revo Uninstaller's restore point - AVG 2014
21-05-2015 22:26:33 AVG 2014 wurde entfernt
21-05-2015 22:32:53 Removed AVG 2014
22-05-2015 10:15:24 Revo Uninstaller's restore point - Mozilla Firefox 38.0.1 (x86 de)
22-05-2015 10:20:03 Revo Uninstaller's restore point - Apple Software Update
22-05-2015 10:23:01 Revo Uninstaller's restore point - Apple Mobile Device Support

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BB28EE-F330-4C8F-8DD9-51380D2DE6A6} - System32\Tasks\{DB02960D-3E88-4F50-80B9-90C6A3F5CF76} => Firefox.exe hxxp://www.skype.com/go/downloading?source=installer&ver=7.4.85.102&LastError=-9
Task: {13184BE2-ECFA-4607-B38F-4A677FEC7DCE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA0811D-9E53-421B-9380-FBB3084F8A92} - System32\Tasks\Opera scheduled Autoupdate 1398549131 => c:\program files\opera\launcher.exe [2015-05-18] (Opera Software)
Task: {1DEFA22E-F22F-4D7B-8992-59D93FD16AAC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1E423AF4-5D61-47F1-9659-80E740800CC8} - System32\Tasks\{C926E061-3CD6-4605-AD6D-51FB41686C06} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF6E1C\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF6E1C
Task: {1EF63912-26B9-45AB-9E78-51CE88ECAEDC} - System32\Tasks\{31D8B88E-6B28-4D94-B239-069674C107F0} => pcalua.exe -a "C:\Users\Lexy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I81YI66\q816506.exe" -d C:\Users\Lexy\Desktop
Task: {3AFDB2BD-46B7-46E8-8DEC-7DE5A066D708} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated)
Task: {3BA2BE2C-9925-49F1-A81C-B35EFCDA5B5A} - System32\Tasks\{D3E96DE9-9061-4E0D-99F4-11A89251A520} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.85.102/de/go/help.faq.installer?LastError=1603
Task: {41867401-B848-4F45-BEB8-4C04E3BA9BDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {4EFE2AA6-63D6-432A-A4DB-5E3D0DD282A1} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {750513BF-A40A-4FBC-837A-DA8D3395CF32} - System32\Tasks\{FEA3844A-A767-403F-A228-E4BC401617BC} => pcalua.exe -a "C:\Program Files\LANCOM\Advanced VPN Client\UNINST.EXE" -d "C:\Program Files\LANCOM\Advanced VPN Client"
Task: {7AE3B831-1023-4614-B006-0C4AD9A881AB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {9D072985-EF80-4BCB-830F-889986F4C856} - System32\Tasks\{811984AA-D715-4EB8-B0D9-CCB0832052AF} => c:\program files\opera\launcher.exe [2015-05-18] (Opera Software)
Task: {A857E555-7A14-4F9C-8D7D-CC11FF1540D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AA3CEAC4-2784-470F-B81F-25A33017ACE8} - System32\Tasks\{6340DE61-6134-4A47-9B42-62C393E49845} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF9F10\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF9F10
Task: {ABBC905E-631C-477F-828C-A604F6C54B04} - System32\Tasks\{7BD98EDA-7CFE-463B-8AA2-22D8DFF9C883} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLFB6B0\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLFB6B0
Task: {B3063F29-D8EF-4B30-BEF9-D771E53362A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {F3D0EA79-FE36-48D0-8D34-84BBDCBD6099} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-27] (Google)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2007-08-02 04:51 - 2007-06-29 14:56 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2014-04-21 22:02 - 2014-02-28 13:02 - 00108032 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpmif32.dll
2012-07-17 14:55 - 2002-06-28 10:16 - 00151552 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcfg.dll
2012-07-17 14:55 - 2013-11-11 15:02 - 00199168 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpdlg.dll
2012-07-17 14:55 - 2002-09-04 15:27 - 00102400 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcry.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-07-17 14:55 - 2011-10-12 15:43 - 00148992 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpbudget2008.dll
2014-04-21 22:02 - 2011-04-21 07:11 - 00119808 _____ () C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE
2014-04-21 22:02 - 2014-02-18 12:51 - 01817088 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpgacc.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-05-21 11:19 - 2015-05-21 11:19 - 00019040 _____ () C:\Program Files\Java\jre1.8.0_45\bin\jp2native.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2007-04-15 21:44 - 2007-04-15 21:44 - 00898560 _____ () C:\Program Files\Duden\Duden Korrektor\libxml2.dll
2007-04-15 21:44 - 2007-04-15 21:44 - 00073728 _____ () C:\Program Files\Duden\Duden Korrektor\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DfSdkS => 3
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SamsungAllShareV2.0 => 2
MSCONFIG\Services: serviceIEConfig => 2
MSCONFIG\Services: SimpleSlideShowServer => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: vToolbarUpdater15.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: AllShareAgent =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service =>
MSCONFIG\startupreg: AutoStartNPSAgent => c:\program files\samsung\samsung new pc studio\npsagent.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Updater => "c:\program files\google\google updater\googleupdater.exe" -check_deprecation
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => khalmnpr.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: NcpBudgetGui => "c:\program files\lancom\advanced vpn client\ncpbudgetgui.exe" -start
MSCONFIG\startupreg: NcpPopup => "C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TomTomHOME.exe =>
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Lexy\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{78E22DB7-B77B-4EC8-A7CD-2F34595FF90D}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe
FirewallRules: [{1B8CD137-BEAB-461F-9DF7-D29C96EFBBA4}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe
FirewallRules: [{49679896-5EA7-448F-A3CB-1CF1C5D5937A}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe
FirewallRules: [{FD6549A7-3B54-45E7-8485-87538CC01817}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe
FirewallRules: [TCP Query User{D8420B1C-4C69-476F-808D-41BF87E497CD}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{B58D82AB-5689-4D8B-B86A-4DCD8F237CD1}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{8ED12532-C267-416A-98F4-161B28A004E9}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{E0666EA3-E127-4089-A4B6-F3F67CB27086}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{17BBCC43-953A-40BB-AB6E-AAC2666E6877}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{E44440C6-02FE-4003-B98F-66CE88E402EE}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{4A2C1C82-6AC7-4090-B226-19E775DB8331}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{FFCBC131-396A-4A12-8110-C2DB6DD8BFD4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{316B6993-98A7-49DC-A7A5-7511274368D6}] => (Allow) C:\Program Files\PPLive\PPLive.exe
FirewallRules: [{15D08214-15C6-411C-81CF-2E18E8DA7F47}] => (Allow) C:\Program Files\PPLive\PPLive.exe
FirewallRules: [TCP Query User{4527B42F-E487-4AA0-A7AE-117CBB0C272D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{EFEA7E9B-4F87-401B-9AF1-8C6CD0ABC163}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{6513C40B-9BB1-4069-8246-A7B1B80DBF7B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [UDP Query User{4672F9F9-1FA3-4C17-9CC6-F0977DD086D7}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [TCP Query User{FE4296B5-1FBF-4EAF-9400-6F50D267F1E9}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe
FirewallRules: [UDP Query User{707F14F2-05AC-4F1D-9596-8DBA3F59A11C}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe
FirewallRules: [TCP Query User{75A2F8B7-206C-40AA-971E-6CB10D2898DB}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe
FirewallRules: [UDP Query User{C1264FB3-5303-4F90-AB1D-75BB37B47FBA}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe
FirewallRules: [TCP Query User{052C97EE-670F-4899-81BA-9BFFD2FBB866}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{CF0B7CE9-B954-42C8-B834-A2BA3CF406C7}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{4F6E18A8-F82A-4534-9A53-58F6494017B6}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{9CFF79C9-DF75-4936-B437-359127255740}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{5E8FBB86-6DC7-492F-A04A-844CB89365C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [UDP Query User{06CA3D3C-517B-418C-9E30-972AE849406E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [TCP Query User{29FB5CDB-6B4D-4952-AF56-E9576C4B4738}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{BA3E48D0-F422-467C-9516-C95D0B81B38A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{947ACEFE-56DC-4AB4-AB88-C738AEA2FBB1}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe
FirewallRules: [UDP Query User{99EC694A-E76E-40DB-98CF-BEACE3F090EA}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe
FirewallRules: [TCP Query User{BD13C577-8FBB-42B3-92ED-C83C200A03C5}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe
FirewallRules: [UDP Query User{6368CC49-B230-4C5A-8F82-B812F4D33003}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe
FirewallRules: [TCP 
Query User{0EF2971B-D528-4F9D-8F16-496B90C4CC5B}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [UDP Query User{03C2BF4A-261D-46E4-94F4-D9B7873E0011}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [{9CFB5ABB-FBC4-42BE-8239-038D8EECB1C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{8B3B33CE-B8BC-41D7-AF1B-DFA60AD3B971}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{24CABB4B-93D0-4C44-A463-8900EBE5EDD1}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe FirewallRules: [UDP Query User{F4ED6E71-8A33-4359-9C8F-0C9B87ADEF6B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe FirewallRules: [TCP Query User{088DAB27-BC1D-41D3-9D3A-E18FAE52F782}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe FirewallRules: [UDP Query User{8CB6BE55-97C9-4934-9E9F-5F6BE7CFF2E6}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe FirewallRules: [{A5A3AB99-EDA7-4674-8366-748883443D34}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{780BE9A6-F38D-4B7C-BAF1-F4D0EFC8FCEA}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{5A9F5D9B-3B12-4786-A7B2-27F6D9DD29D2}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{308AD548-AA6C-4DF5-A90C-436B6E60FAF8}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [TCP Query User{3C6FB0BA-87CE-433E-87BF-027D1741C07B}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{1A18033D-874F-4D7D-825E-465E148B754E}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program 
files\google\google earth\plugin\geplugin.exe FirewallRules: [{E753399B-0EB6-4E25-BB97-438C1E372876}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe FirewallRules: [{A2668EDD-3310-46A2-95F7-6C94838F2AB5}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe FirewallRules: [{FB2AF1DE-3FE1-400D-B6B7-DC0E919545E7}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{51F0B638-3A0F-4808-B3A2-25793FC9B270}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{F3CFC278-8F5F-4890-A32F-2495364EACD6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe FirewallRules: [{7A4696BC-0C66-4C61-A67F-B6129CF476AF}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe FirewallRules: [{56D1FA41-4BCB-4B01-AF88-BCB4D4C809F1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe FirewallRules: [{D65F81F8-CA42-4061-B0E5-625DD0F5BBED}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe FirewallRules: [{9F4645F3-5E13-4006-845C-1A87FA149E83}] => (Allow) LPort=80 FirewallRules: [{BC32EABE-D1BE-43EA-923B-60A0B398D914}] => (Allow) LPort=80 FirewallRules: [{5CB28410-B94A-469D-974D-6F05D2FFC43B}] => (Allow) LPort=80 FirewallRules: [{9F4BACB4-31F5-4BDD-AB40-E061783A63F3}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{023467E8-0BE5-493D-951F-0A16E7051871}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{BEAC78F8-C134-4503-9252-B01C97131481}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{BFFEF07C-CCC5-428D-AD79-11D65B0705DF}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{BF833142-F10C-4382-8F9F-6468D3CB1EC9}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{209F9465-39F1-4052-B15A-2759127B2FF7}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program 
files\jivexdvlight\jre\bin\javaw.exe FirewallRules: [UDP Query User{C11AB735-3BE2-4B32-80F8-D1573EAD4BEE}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe FirewallRules: [TCP Query User{8B6AB8B4-2DD2-4A23-812E-90075C822B0B}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [UDP Query User{E783ECEB-C97F-4E59-9224-4325520ACC87}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [TCP Query User{EE642530-844E-4700-AFD2-5F9CD6138942}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [UDP Query User{84443EAE-9CFF-4187-8ED0-28F3C4932916}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe FirewallRules: [{8DF8D55D-6B19-4635-925B-20BD592ED8AB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{D497B358-AEA8-4F9D-A1F1-43E755633DC6}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe FirewallRules: [{A35272B5-48D0-41DC-9894-B7FFC62AC937}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{1526B63F-04F3-4844-A008-2D5906E181C0}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{23BEB9F9-B2C2-42D5-88B2-ADF1AE7EA835}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{C27D7843-EE0C-415F-A5C9-F74870BFC3AA}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{958DE50F-8FB0-4C3E-A1E1-98C027654282}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2389A4C2-7698-4DDE-AA40-E60D568740F1}] => (Allow) LPort=2869 FirewallRules: [{93E9F9FE-1463-4036-833F-B0CC95280471}] => 
(Allow) LPort=1900 FirewallRules: [{15279C77-74B9-4698-988B-DB0505D25755}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{5106BB96-8F63-4A42-812A-DA53647C1540}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{DD9B30AD-D54A-4052-B884-831923B6B53D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7A81F545-EF43-4F8F-9509-CA2DAF1C51A2}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{BA80BEE1-CBFF-4AC8-88EA-DAFC800C6746}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{25A500DF-23D8-4850-9BDD-196B3F63225F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{F5F3C801-FC7B-4422-A690-1000E33BEC35}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe FirewallRules: [UDP Query User{3B8D5BDD-2261-4379-A719-E659959D1625}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe FirewallRules: [{C598880B-323C-4582-A0D5-37BF730714F9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe StandardProfile\AuthorizedApplications: [C:\Program Files\uusee\UUSeePlayer.exe] => Enabled:UUPlayer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/22/2015 10:32:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file 
"C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error: (05/22/2015 10:32:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. 
Error: (05/22/2015 10:32:03 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error: (05/22/2015 10:32:03 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error: (05/22/2015 10:22:59 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. 
hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {47f768ff-fcb4-48a2-9776-13cbe41012cf} Error: (05/22/2015 10:20:02 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {47f768ff-fcb4-48a2-9776-13cbe41012cf} Error: (05/22/2015 10:16:44 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. 
Error: (05/22/2015 10:16:44 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error: (05/22/2015 10:15:44 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CreateVssExamineWriterMetadata. hr = 0x80042311. Operation: Writer Exposing its Metadata Context: Execution Context: Requestor Writer Instance ID: {47F768FF-FCB4-48A2-9776-13CBE41012CF} Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220} Writer Name: System Writer Error: (05/22/2015 10:15:44 AM) (Source: VSS) (EventID: 8228) (User: ) Description: Fail to parse XML file. Reason A name contained an invalid character. 
Line 0x00000174 Position 0x0000078a Errorcode 0xc00ce505 Problem text <FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319" filespec="system.diagnostics.debug.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319" filespec="system.web.services.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319\wpf" filespec="presentationui.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319\wpf" filespec="system.windows.input.manipulations.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\drivers" filespec="mcd.sys" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="compcln.exe.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="extrac32.exe.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="hpojwia.dll.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="inetcpl.cpl.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="msdtcvsp1res.dll.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="winethc.dll.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="wpdshextautoplay.exe.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32" filespec="migautoplay.exe" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32" filespec="system.drv" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\wbem" filespec="system.mof" filespecBackupType="3855"/><FILE_LIST path="c:\program files\movie maker\shared\dvdstyles\specialoccasion" filespec="navigationup_selectionsubpicture.png" filespecBackupType="3855"/><FILE_LIST path="c:\windows\ehome\createdisc" filespec="sonicmceburnengineicon.png" filespecBackupType="3855"/><FILE_LIST path="c:\windows\inf" filespec="mdmgsm.inf" 
filespecBackupTyp</root> Operation: Writer Exposing its Metadata Context: Execution Context: Requestor Writer Instance ID: {47F768FF-FCB4-48A2-9776-13CBE41012CF} Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220} Writer Name: System Writer System errors: ============= Error: (05/22/2015 10:27:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Apple Mobile Device1600001Restart the service Error: (05/22/2015 10:14:36 AM) (Source: Schannel) (EventID: 4108) (User: ) Description: The certificate received from the remote server has not validated correctly. The error code is 0x80096004. The SSL connection request has failed. The attached data contains the server certificate. Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Avira Echtzeit Scanner%%1053 Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Avira Echtzeit Scanner Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Avira Planer%%1053 Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Avira Planer Error: (05/22/2015 01:28:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000NcpSec Error: (05/22/2015 00:40:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Software Licensing11200001Restart the service Error: (05/22/2015 00:39:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Modules Installer23000001Restart the service Microsoft Office: ========================= Error: (01/05/2013 10:34:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28971 seconds with 120 seconds of active time. This session ended with a crash. Error: (08/15/2012 06:18:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/02/2008 10:07:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/15/2007 08:42:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-05-22 11:10:05.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:10:05.043 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:10:04.455 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-05-22 11:10:03.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:10:03.033 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:10:02.418 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:10:01.833 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:10:01.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:09:12.009 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-05-22 11:09:11.398 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz Percentage of memory in use: 66% Total physical RAM: 2549.69 MB Available physical RAM: 852.42 MB Total Pagefile: 5320.19 MB Available Pagefile: 3337.28 MB Total Virtual: 2047.88 MB Available Virtual: 1911.38 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:141.61 GB) (Free:28.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3DE4A73D) Partition 1: (Not Active) - (Size=7.4 GB) - (Type=27) Partition 2: (Active) - (Size=141.6 GB) - (Type=07 NTFS) ==================== End of log ============================ |
22.05.2015, 12:47 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A FRST fix: Please disable your virus scanner completely now, to make sure that the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL =
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
22.05.2015, 18:11 | #10 |
| Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Here, as requested, is the fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015 Ran by Lexy at 2015-05-22 14:31:57 Run:2 Running from C:\Users\Lexy\Desktop Loaded Profiles: Lexy (Available profiles: Lexy) Boot Mode: Normal ============================================== Content of fixlist: ***************** ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File C:\ProgramData\ezsid.dat C:\ProgramData\pswi_preloaded.exe EmptyTemp: ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{539F31C0-3B74-40B9-A47D-9655DDEBB7EC} => Key not found. HKCR\CLSID\{539F31C0-3B74-40B9-A47D-9655DDEBB7EC} => Key not found. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76D942BC-59C4-4034-B456-48CE494193B8} => Key not found. HKCR\CLSID\{76D942BC-59C4-4034-B456-48CE494193B8} => Key not found. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found. 
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. "C:\ProgramData\ezsid.dat" => File/Directory not found. "C:\ProgramData\pswi_preloaded.exe" => File/Directory not found. EmptyTemp: => Removed 1.4 GB temporary data. The system needed a reboot. ==== End of Fixlog 16:29:06 ==== |
22.05.2015, 21:32 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Okay, then control scans with ESET and SC please: ESET Online Scanner
Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
23.05.2015, 20:34 | #12 |
| Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A Hello Cosinus, here are the requested logs... and many thanks for the tips and advice. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ddb4ffd6f730a547b5ffbe1493c91754 # engine=23951 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-05-21 12:43:44 # local_time=2015-05-21 02:43:44 (+0100, W. Europe Daylight Time) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='AVG AntiVirus Free Edition 2014' # compatibility_mode=1051 16777213 100 100 96682 119349808 0 0 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 15139 55196218 0 0 # scanned=243990 # found=2 # cleaned=2 # scan_time=9792 sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe" sh=510F9ECCDEF59D5A22F78C368FF1C0782778DCF2 ft=1 fh=9084951344c01481 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Lexy\AppData\Local\Temp\60377607-a0fb-49b0-adba-9c435df33687\winamp563_full_emusic-7plus_de-de.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ddb4ffd6f730a547b5ffbe1493c91754 # engine=23978 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-22 09:59:39 # local_time=2015-05-22 11:59:39 (+0100, W. 
Europe Daylight Time) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 134894 55315973 0 0 # scanned=70975 # found=0 # cleaned=0 # scan_time=4369 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ddb4ffd6f730a547b5ffbe1493c91754 # engine=23987 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-23 07:24:26 # local_time=2015-05-23 09:24:26 (+0100, W. Europe Daylight Time) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 211980 55393059 0 0 # scanned=153609 # found=0 # cleaned=0 # scan_time=11860 Code:
ATTFilter Results of screen317's Security Check version 1.001 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.9016) JavaFX 2.1.1 Java 8 Update 45 Adobe Flash Player 17.0.0.169 Adobe Reader 10.1.14 Adobe Reader out of Date! Mozilla Firefox (38.0.1) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` |
23.05.2015, 20:40 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A
Looks good... you should just update Adobe Reader. Personally I'd say get rid of the thing. It's bloat. Better to use PDF-x-Change. And for viewing a PDF now and then, Firefox is enough. More on that later.
Looks OK so far.
Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.) I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.
Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).
Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.
Is your system OK again now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
23.05.2015, 20:59 | #14 |
| Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A
I already got Ghostery a few days ago. But thanks again for the tip. As for Adobe PDF, I'll take care of that right away. Unfortunately my Firefox still keeps crashing constantly. Here is the current crash report: Code:
AdapterDeviceID: 0x2a02
AdapterDriverVersion: 7.14.10.1244
AdapterSubsysID: 00000000
AdapterVendorID: 0x8086
Add-ons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.142,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.1,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.6.9,firefox%40ghostery.com:5.4.5
AvailablePageFile: 3555729408
AvailablePhysicalMemory: 939393024
AvailableVirtualMemory: 1553313792
BIOS_Manufacturer: Phoenix Technologies LTD
BlockedDllList: rndlmainbrowserrecordplugin.dll;
BreakpadReserveAddress: 36765696
BreakpadReserveSize: 67108864
BuildID: 20150513174244
CrashTime: 1432410614
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1431898094
Notes: DriverVersionMismatch AdapterVendorID: 0x8086, AdapterDeviceID: 0x2a02, AdapterSubsysID: 00000000, AdapterDriverVersion: 7.14.10.1244 D3D11-WARP? D3D11-WARP+ D3D11 Layers? D3D11 Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 3486
StartupTime: 1432409035
SystemMemoryUsePercentage: 64
Theme: classic/1.0
Throttleable: 1
TotalPageFile: 5576523776
TotalPhysicalMemory: 2673545216
TotalVirtualMemory: 2147352576
URL: hxxp://www.chip.de/?icp2=DLer
Vendor: Mozilla
Version: 38.0.1
useragent_locale: de
Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes. |
23.05.2015, 21:13 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A
Create a new profile and test:
Firefox => http://support.mozilla.com/de/kb/Profile%20verwalten
Chrome => https://support.google.com/chrome/answer/3296214?hl=de
__________________ Please always post log files in CODE tags |