Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A (https://www.trojaner-board.de/167117-windows-vista-installmonetizer-aq-msil-browsefox-j-toolbar-widgi-n-systweak-a.html)

alexbk 20.05.2015 21:45
Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A
 
Aus irgendwelchen Gründen stürtzt Firefox ständig ab.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by Lexy (administrator) on LEXY-PC on 20-05-2015 19:12:25
Running from C:\Users\Lexy\Desktop
Loaded Profiles: Lexy (Available profiles: Lexy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe
() C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Expert System S.p.A.) C:\Program Files\Duden\Duden Korrektor\DKCore.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\Opera\29.0.1795.47\opera_autoupdate.exe
(Opera Software ASA) C:\Windows\Temp\Opera Autoupdate\cprogram filesopera\2780_27278\Opera_Stable_29.0.1795.60-29.0.1795.47_Patch.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [NcpBudgetGui] => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-11-13] (NCP engineering GmbH)
HKLM\...\Run: [NcpPopup] => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-02] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll [2007-07-25] (Sony Corporation)
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {11b66750-b5e2-11de-9df8-001bfb57dcd1} - explorer .\Start.htm
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {39296a35-1998-11e1-b200-001e101f1838} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {858936fd-2a7a-11e1-9f04-001a804a3ef4} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {8bdb5a25-1eb6-11dd-a0f9-001bfb57dcd1} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147ad3-cb2b-11e0-a807-001a804a3ef4} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147b0c-cb2b-11e0-a807-001e101f82a0} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {f83f8188-d23d-11e0-9eab-001e101f4da1} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-23]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=668083&fr=spigot-yhp-ie
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2
URLSearchHook: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 - IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\7.3\iobitToolbarIE.dll No File
URLSearchHook: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.3\iobitappsToolbarIE.dll No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7
SearchScopes: HKU\.DEFAULT -> DefaultScope {3AD58498-B64A-4094-913D-BCA865C6027E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {3AD58498-B64A-4094-913D-BCA865C6027E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL =
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> DefaultScope {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0E8310AC-7BDC-4C45-8159-319CC44B4E9A} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8A10200B48583FC&affID=119357&tt=240913_246&tsp=5016
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {559EBC72-CCE9-42AE-8E31-119F867AC22D} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {5AFA46B7-57B8-4318-BC64-44C5A7F12DDE} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=068d8e74-f9ba-11e0-8b53-001a804a3ef4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-03-20] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-12] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll [2008-11-26] (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2010-04-26] ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-27] (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3626444559-52657498-4274862289-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lexy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online)
FF user.js: detected! => C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\user.js [2013-09-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-06-02] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-02] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011-10-03] (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\searchplugins\babylon.xml [2013-05-27]
FF SearchPlugin: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\searchplugins\delta.xml [2013-05-27]
FF Extension: Yontoo - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\plugin@yontoo.com [2013-04-09]
FF Extension: Bitdefender QuickScan - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-20]
FF Extension: FreeHDSport TV - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\fhdp@fhdp.tv.xpi [2013-04-09]
FF Extension: Ghostery - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\firefox@ghostery.com.xpi [2015-05-15]
FF Extension: NoScript - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08]

Chrome:
=======
CHR Profile: C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tube Karaoke) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgnhgbflngpggpmpfdkhmhmfdophhepe [2013-05-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-04-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-27]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-07-05]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files\ATDheNetTVApp.com\stv10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx [2011-08-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-03-20] (IObit)
S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [1400584 2014-02-28] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-15] (mquadr.at softwareengineering und consulting gmbh)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
R2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed]
S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-25] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-11] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-27] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S4 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [X]
S2 Yontoo Desktop Updater; "C:\Program Files\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Lexy\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-12-15] (Avira GmbH)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-07-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-02-25] () [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 19:12 - 2015-05-20 19:15 - 00034646 _____ () C:\Users\Lexy\Desktop\FRST.txt
2015-05-20 19:11 - 2015-05-20 19:12 - 00000000 ____D () C:\FRST
2015-05-20 19:07 - 2015-05-20 19:08 - 00000470 _____ () C:\Users\Lexy\Desktop\defogger_disable.log
2015-05-20 19:07 - 2015-05-20 19:07 - 00000000 _____ () C:\Users\Lexy\defogger_reenable
2015-05-20 19:04 - 2015-05-20 19:04 - 00050477 _____ () C:\Users\Lexy\Desktop\Defogger.exe
2015-05-20 18:59 - 2015-05-20 18:59 - 01146880 _____ (Farbar) C:\Users\Lexy\Desktop\FRST.exe
2015-05-20 15:53 - 2015-05-20 15:53 - 00000000 ____D () C:\Program Files\ESET
2015-05-20 15:51 - 2015-05-20 15:51 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_enu.exe
2015-05-20 12:44 - 2015-05-20 12:44 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-20 12:43 - 2015-05-20 12:44 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-18 20:43 - 2015-05-18 20:43 - 01046430 _____ () C:\Users\Lexy\Downloads\STANDING.pdf.part
2015-05-18 00:21 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-18 00:21 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-18 00:21 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-18 00:21 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 00:21 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 23:27 - 2015-05-17 23:27 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 23:24 - 2015-05-17 23:25 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1(1).exe
2015-05-17 23:24 - 2015-05-17 23:24 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-17 19:52 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 19:52 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 19:52 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 19:52 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 19:52 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 19:52 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 19:52 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 19:52 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-17 19:52 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-17 19:51 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 19:07 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-17 19:06 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-17 19:04 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-17 19:04 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-17 19:02 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-17 19:00 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-17 19:00 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-17 19:00 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 19:00 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 18:58 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-17 18:56 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 18:56 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-17 18:56 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 18:56 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 18:47 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 18:46 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-17 18:46 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-17 18:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 18:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-17 18:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 18:45 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 18:45 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 18:45 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-17 18:31 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-17 18:30 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-17 18:30 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-17 18:26 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 18:19 - 2015-05-17 18:21 - 00000000 ____D () C:\Users\Lexy\AppData\Local\PDFCreator
2015-05-17 18:18 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-17 18:17 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-17 18:11 - 2015-05-17 18:11 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\pdfforge
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-17 18:10 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-17 18:06 - 2015-05-17 18:08 - 27837984 _____ (pdfforge ) C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup.exe
2015-05-17 18:06 - 2015-05-17 18:08 - 27837984 _____ (pdfforge ) C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup(1).exe
2015-05-16 10:28 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-16 10:28 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-16 10:27 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-16 10:24 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 10:19 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-16 10:15 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-16 10:14 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-15 18:05 - 2015-05-15 18:07 - 00000000 ____D () C:\Users\Lexy\Desktop\STICK
2015-05-14 07:29 - 2015-05-14 07:29 - 00000000 ____D () C:\Users\Lexy\AppData\Local\Avg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 19:15 - 2007-12-04 00:42 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Skype
2015-05-20 19:07 - 2007-11-24 16:31 - 00000000 ____D () C:\Users\Lexy
2015-05-20 18:57 - 2014-01-11 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 17:51 - 2014-04-09 23:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-20 17:44 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 17:44 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 16:26 - 2012-03-02 22:04 - 01719885 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 15:45 - 2014-01-27 23:15 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\QuickScan
2015-05-20 14:05 - 2013-12-15 11:33 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-05-20 12:46 - 2011-01-26 23:43 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-20 11:46 - 2012-01-26 23:16 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-20 11:44 - 2014-02-22 18:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 11:44 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 00:00 - 2007-08-02 04:03 - 00003204 _____ () C:\Windows\bthservsdp.dat
2015-05-20 00:00 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-19 23:02 - 2012-07-17 20:24 - 00001752 ____H () C:\Users\Lexy\Documents\Default.rdp
2015-05-19 13:38 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files\Opera
2015-05-18 21:32 - 2014-02-22 18:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 21:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-18 20:10 - 2013-07-16 10:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 16:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-18 16:14 - 2006-11-02 12:33 - 00006798 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 16:06 - 2006-11-02 14:47 - 00442120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 16:03 - 2014-02-16 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-18 16:03 - 2013-12-29 11:59 - 00476448 _____ () C:\Windows\PFRO.log
2015-05-18 16:03 - 2013-03-21 23:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 23:27 - 2011-03-26 17:44 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 19:06 - 2007-10-10 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 18:12 - 2012-10-14 20:20 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-17 17:57 - 2011-06-16 19:53 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-16 10:21 - 2010-06-07 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 10:20 - 2008-06-01 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-16 10:09 - 2014-05-20 21:35 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-05-15 18:57 - 2012-05-17 08:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-15 18:57 - 2011-08-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 07:45 - 2007-12-04 00:38 - 00000000 ____D () C:\ProgramData\Skype
2015-05-14 07:32 - 2014-04-09 23:39 - 00000858 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-05-14 07:20 - 2014-03-20 21:18 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2011-08-02 18:27 - 2011-07-14 10:31 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2008-05-10 21:31 - 2009-03-21 15:27 - 0000000 _____ () C:\Users\Lexy\AppData\Roaming\AVSDVDPlayer.m3u
2012-07-11 22:12 - 2012-07-11 22:15 - 0002415 _____ () C:\Users\Lexy\AppData\Roaming\hamster_installer_log.txt
2008-10-04 13:13 - 2011-06-12 21:19 - 0027657 _____ () C:\Users\Lexy\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2008-12-29 20:38 - 2011-04-11 22:20 - 0009521 _____ () C:\Users\Lexy\AppData\Roaming\mdbu.bin
2009-10-04 12:02 - 2009-10-04 12:02 - 0000760 _____ () C:\Users\Lexy\AppData\Roaming\setup_ldm.iss
2014-06-19 08:11 - 2014-06-19 08:11 - 0000024 _____ () C:\Users\Lexy\AppData\Roaming\temp.ini
2012-01-26 23:34 - 2012-01-26 23:34 - 0020289 _____ () C:\Users\Lexy\AppData\Roaming\UserTile.png
2007-11-25 02:26 - 2007-12-05 21:36 - 0000572 _____ () C:\Users\Lexy\AppData\Roaming\wklnhst.dat
2010-11-20 22:11 - 2012-06-11 01:14 - 0001188 _____ () C:\Users\Lexy\AppData\Local\crc32list11.txt
2007-12-04 00:39 - 2007-12-04 00:39 - 0000552 _____ () C:\Users\Lexy\AppData\Local\d3d8caps.dat
2008-02-22 20:02 - 2012-03-02 23:32 - 0001356 _____ () C:\Users\Lexy\AppData\Local\d3d9caps.dat
2007-11-24 16:39 - 2014-02-08 11:33 - 0154624 _____ () C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 22:15 - 2012-07-11 22:15 - 0000393 _____ () C:\Users\Lexy\AppData\Local\HamsterVideoConverterSettings.cfg
2009-03-10 22:38 - 2009-04-15 09:29 - 0000089 _____ () C:\Users\Lexy\AppData\Local\qeymg.bat
2009-04-07 17:08 - 2009-04-10 08:44 - 0313413 _____ () C:\Users\Lexy\AppData\Local\ywwamqw_nav.dat
2014-01-27 23:49 - 2014-01-27 23:49 - 0764668 _____ () C:\ProgramData\1390858327.bdinstall.bin
2014-03-22 21:47 - 2014-03-22 21:47 - 0092109 _____ () C:\ProgramData\1395517664.bdinstall.bin
2014-03-22 21:50 - 2014-03-22 21:50 - 0250923 _____ () C:\ProgramData\1395517667.bdinstall.bin
2007-12-05 21:11 - 2007-12-05 21:11 - 0000032 _____ () C:\ProgramData\ezsid.dat
2008-06-01 14:36 - 2008-06-01 14:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-01 14:35 - 2011-05-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2007-10-10 05:18 - 2007-10-10 05:19 - 1132112 _____ () C:\ProgramData\pswi_preloaded.exe

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe


Some content of TEMP:
====================
C:\Users\Lexy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Lexy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lexy\AppData\Local\Temp\GLF20FD.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3105.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3A3F.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF4AE.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5263.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5EED.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6219.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6756.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6802.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6FA0.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF7A24.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF878C.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF936A.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF9BC8.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFD436.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE24B.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE8BE.EXE
C:\Users\Lexy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lexy\AppData\Local\Temp\lowproc.exe
C:\Users\Lexy\AppData\Local\Temp\promote-upx.exe
C:\Users\Lexy\AppData\Local\Temp\SHSetup.exe
C:\Users\Lexy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lexy\AppData\Local\Temp\stubhelper.dll
C:\Users\Lexy\AppData\Local\Temp\updatepackasc.exe
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Lexy\AppData\Local\Temp\_is6F6D.exe
C:\Users\Lexy\AppData\Local\Temp\_is98DD.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-20 12:04

==================== End Of Log ============================
--- --- ---


Code:
C:\Program Files\IObit Apps Toolbar\WidgiHelper.exe        a variant of Win32/Toolbar.Widgi.N potentially unwanted application        deleted - quarantined
C:\Program Files\IObit Toolbar\WidgiHelper.exe        a variant of Win32/Toolbar.Widgi.N potentially unwanted application        deleted - quarantined
C:\Users\Lexy\AppData\Roaming\Yontoo\dat\DIBS.dat        a variant of MSIL/BrowseFox.J potentially unwanted application        deleted - quarantined
C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup(1).exe        Win32/InstallMonetizer.AQ potentially unwanted application        deleted - quarantined
C:\Users\Lexy\Downloads\PDFCreator-2_1_1-setup.exe        Win32/InstallMonetizer.AQ potentially unwanted application        deleted - quarantined
C:\Windows\System32\roboot.exe        a variant of Win32/Systweak.A potentially unwanted application        deleted - quarantined

alexbk 20.05.2015 21:47
Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by Lexy at 2015-05-20 19:16:52
Running from C:\Users\Lexy\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3626444559-52657498-4274862289-500 - Administrator - Disabled)
Guest (S-1-5-21-3626444559-52657498-4274862289-501 - Limited - Disabled)
Lexy (S-1-5-21-3626444559-52657498-4274862289-1002 - Administrator - Enabled) => C:\Users\Lexy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoPlus (HKLM\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 10.00.0119 - INNOVA-engineering GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects Installer (HKLM\...\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}) (Version:  - ArcSoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVS DVD Player version 2.4 (HKLM\...\AVS DVD Player_is1) (Version:  - Online Media Technologies Ltd.)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CadStd (HKLM\...\CadStd) (Version: 3.7.4 - Apperson & Daughters)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Click to DVD 2.0.05 Menu Data (HKLM\...\{9E407618-D9CD-4F39-9490-9ED45294073D}) (Version: 2.0.05 - Sony Corporation)
Click to DVD 2.6.00 (HKLM\...\{E809063C-51A3-4269-8984-D1EB742F2151}) (Version: 2.6.00 - Sony Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DSD Direct (HKLM\...\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}) (Version: 2.0.01 - Sony Corporation)
DSD Playback Plug-in (HKLM\...\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}) (Version: 1.1 - Sony Corporation)
DSL Connection Manager (Version: 2.0.0.17 - Telefónica o2 Germany GmbH & Co. OHG) Hidden
Duden Korrektor PLUS (HKLM\...\InstallShield_{541E5E15-7186-4395-9593-16D02765FF27}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor PLUS (Version: 5.00.1507.00 - Duden) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Falk Navi-Manager (Version: 2.1.0.0 - Falk Marcopolo Interactive GmbH) Hidden
Falk Navi-Manager (Version: 2.7.0 - Falk Navigation GmbH) Hidden
Favorit (HKLM\...\qeymg) (Version:  - )
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Gigaset QuickSync (HKLM\...\{627673ff-f4ea-43fd-893d-28fc6176fb2d}) (Version: 8.0.0856.1 - Gigaset Communications GmbH)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version:  - )
GuG - Grundstücksmarkt und Grundstückswert (HKLM\...\{B4ACF448-765F-45B0-9C2A-05E426600A4C}) (Version: 1.0 - Wolters Kluwer Deutschland Information Services GmbH)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Instant Mode (HKLM\...\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}) (Version: 1.0.2 - InterVideo)
IObit Apps Toolbar v7.3 (HKLM\...\{BB398653-2180-436A-ACA8-33B6F98135F5}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION
IObit Toolbar Removal Tool (HKLM\...\IObit Toolbar Removal Tool_is1) (Version: build_1.0.0.142_rev_3343_date_12:50:45 28-02-14 - Security Stronghold) <==== ATTENTION
IObit Toolbar v7.3 (HKLM\...\{5ACE806A-910C-4D00-8347-A5426875BAF7}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JiveX DICOM Viewer Light 4.4.2 (HKLM\...\JiveX DICOM Viewer Light 4.4.2) (Version:  - VISUS Technology Transfer GmbH)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LANCOM Advanced VPN Client (HKLM\...\NCP RWS/GA) (Version: 2.32 Build 218 - LANCOM Systems GmbH)
LocationFree Player (HKLM\...\{D937DD80-3928-4617-876F-538A25AECB17}) (Version: 3.02.0000 - Sony Corporation)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
Online Foto Print System ( OFPS Printax Foto+Medienlabor ) (HKLM\...\Online Foto Print System (printax)) (Version:  - )
OpenMG Limited Patch 4.7-07-15-19-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
Opera Stable 29.0.1795.47 (HKLM\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
RamBooster (HKLM\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Regel 7.0 Standard Demo (HKLM\...\Regel 7.0 Standard Demo) (Version: 7.01 - HPW-Software)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (HKLM\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Samples Installer (HKLM\...\{7AC15160-A49B-4A89-B181-D4619C025FFF}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.0.00.07240 - Sony Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.3 - Sony Corporation)
SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.4 - Sony Corporation)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.11.14260 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.2.00 - Sony Corporation)
Sublight (HKLM\...\Sublight_is1) (Version: 4.0.0 - Sublight Labs)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Sweet Home 3D version 3.5 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
t@x 2014 (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TVUPlayer 2.5.2.2 (HKLM\...\TVUPlayer) (Version: 2.5.2.2 - TVU networks)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 (HKLM\...\UUSEE(ÓÆÊÓÍøÂçµçÊÓ)) (Version: 4.3.6.5 - UUSee company, Inc.)
VAIO Azure Float Wallpaper (HKLM\...\{0312BD0D-A1FE-4E1A-9208-D436F566D867}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Camera Capture Utility (HKLM\...\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}) (Version: 2.7.01.08030 - Sony Corporation)
VAIO Center Access Bar (HKLM\...\{C299F969-AE3D-4679-ADF5-682A186CE62E}) (Version: 1.00.0622 - Sony)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 1.0.00.07170 - Sony Corporation)
VAIO Content Importer  VAIO Content Exporter (Version: 1.4.73.04270 - Sony Corporation) Hidden
VAIO Content Importer / VAIO Content Exporter (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.4.73.04270 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}) (Version: 3.1.00.03103 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.1.00.03103 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.1.00.07110 - Sony Corporation)
VAIO Entertainment Center (HKLM\...\{E74F7423-77CB-4F6A-A44D-604E1010FE50}) (Version: 2.00.0711 - Sony)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.0.00.06280 - Sony Corporation)
VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 3.2.00.07240 - Sony Corporation)
VAIO Floral Dusk Wallpaper (HKLM\...\{B59B3DA8-06F8-4B4C-AE94-5180753EF108}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Help And Support (HKLM\...\{7D716354-2C08-48DC-9AC5-957348048817}) (Version: 3.10.0724.FZVP - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 1.0.00.07090 - Sony Corporation)
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version:  - )
VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version:  - Sony Corporation)
VAIO Media Integrated Server 6.1 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version:  - Sony Corporation)
VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.02.09240 - Sony Corporation)
VAIO Movie Story (Version: 1.0.00.18280 - Sony Corporation) Hidden
VAIO Movie Story 1.3 Upgrade (Version: 1.3.02.09240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 1.0.00.07090 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.0.00.07030 - Sony Corporation)
VAIO OOBE (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 3.00.0710 - Sony Corporation)
VAIO Original Function Settings (Version: 2.0.2.02240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM\...\{7C404084-C5A6-42FF-B731-0BAC79A6E134}) (Version: 2.0.2.02240 - Sony Corporation)
VAIO PC Wireless LAN Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.00.0716 - Sony)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.2.00.06130 - Sony Corporation)
VAIO Productivity Center (HKLM\...\{BABC878D-BB64-4688-9A88-1D9E88F339A9}) (Version: 2.00.0702 - Sony)
VAIO Security Center (HKLM\...\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}) (Version: 5.00.0716 - Sony Corporation)
VAIO Service Utility (HKLM\...\VAIO Service Utility) (Version: 1.1.1.3 - Sony)
VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 5.00.7207 - Sony)
VAIO Teal Whisper Wallpaper (HKLM\...\{235915A8-1C0D-4920-95EA-FE8B773E5F57}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
WIDCOMM Bluetooth Software 6.1.0.1203 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.1203 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.384 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.384 - InterVideo Inc.) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.00.18210 - Sony Corporation)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{16569F81-76A4-4339-8745-BE295A404D9B}\InprocServer32 -> C:\Users\Lexy\appdata\local\microsoft\Windows Sidebar\Gadgets\Video.Gadget\dll\AOLVideoGadgetHelper.dll (AOL)
CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

18-05-2015 22:39:19 Windows Update
19-05-2015 13:38:35 Scheduled Checkpoint
19-05-2015 13:42:57 Windows Update
19-05-2015 13:55:31 Windows Update
19-05-2015 14:00:08 Windows Update
19-05-2015 16:41:48 Windows Update
19-05-2015 23:58:33 Windows Update
20-05-2015 12:27:00 Windows Update
20-05-2015 12:33:54 Windows Update
20-05-2015 12:38:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BB28EE-F330-4C8F-8DD9-51380D2DE6A6} - System32\Tasks\{DB02960D-3E88-4F50-80B9-90C6A3F5CF76} => Firefox.exe hxxp://www.skype.com/go/downloading?source=installer&amp;ver=7.4.85.102&amp;LastError=-9
Task: {1083DBE9-230A-41C1-88A2-D7AE163A2B86} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {13184BE2-ECFA-4607-B38F-4A677FEC7DCE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1E423AF4-5D61-47F1-9659-80E740800CC8} - System32\Tasks\{C926E061-3CD6-4605-AD6D-51FB41686C06} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF6E1C\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF6E1C
Task: {1EF63912-26B9-45AB-9E78-51CE88ECAEDC} - System32\Tasks\{31D8B88E-6B28-4D94-B239-069674C107F0} => pcalua.exe -a "C:\Users\Lexy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I81YI66\q816506.exe" -d C:\Users\Lexy\Desktop
Task: {2A3057D6-24E3-40C7-AC78-E518760A94BF} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)
Task: {3AFDB2BD-46B7-46E8-8DEC-7DE5A066D708} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated)
Task: {41867401-B848-4F45-BEB8-4C04E3BA9BDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {4EFE2AA6-63D6-432A-A4DB-5E3D0DD282A1} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {750513BF-A40A-4FBC-837A-DA8D3395CF32} - System32\Tasks\{FEA3844A-A767-403F-A228-E4BC401617BC} => pcalua.exe -a "C:\Program Files\LANCOM\Advanced VPN Client\UNINST.EXE" -d "C:\Program Files\LANCOM\Advanced VPN Client"
Task: {804E3411-009B-4043-9FEF-A6CFECB329B7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {9D072985-EF80-4BCB-830F-889986F4C856} - System32\Tasks\{811984AA-D715-4EB8-B0D9-CCB0832052AF} => c:\program files\opera\launcher.exe [2015-04-17] (Opera Software)
Task: {A857E555-7A14-4F9C-8D7D-CC11FF1540D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AA3CEAC4-2784-470F-B81F-25A33017ACE8} - System32\Tasks\{6340DE61-6134-4A47-9B42-62C393E49845} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF9F10\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF9F10
Task: {B3063F29-D8EF-4B30-BEF9-D771E53362A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {C0173B12-1F46-480A-828D-AFF2AEECCE6E} - System32\Tasks\Opera scheduled Autoupdate 1398549131 => c:\program files\opera\launcher.exe [2015-04-17] (Opera Software)
Task: {C1382615-5CDB-4C44-812A-17A130B67A59} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF1FEADD-BCF2-4E09-8EC2-27A855424BF5} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-20] (IObit)
Task: {F3D0EA79-FE36-48D0-8D34-84BBDCBD6099} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-27] (Google)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2007-08-02 04:51 - 2007-06-29 14:56 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-21 22:02 - 2014-02-28 13:02 - 00108032 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpmif32.dll
2012-07-17 14:55 - 2002-06-28 10:16 - 00151552 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcfg.dll
2012-07-17 14:55 - 2013-11-11 15:02 - 00199168 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpdlg.dll
2012-07-17 14:55 - 2002-09-04 15:27 - 00102400 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcry.dll
2012-07-17 14:55 - 2011-10-12 15:43 - 00148992 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpbudget2008.dll
2014-04-21 22:02 - 2011-04-21 07:11 - 00119808 _____ () C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE
2014-04-21 22:02 - 2014-02-18 12:51 - 01817088 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpgacc.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2007-04-15 21:44 - 2007-04-15 21:44 - 00898560 _____ () C:\Program Files\Duden\Duden Korrektor\libxml2.dll
2007-04-15 21:44 - 2007-04-15 21:44 - 00073728 _____ () C:\Program Files\Duden\Duden Korrektor\zlib1.dll
2015-05-14 07:48 - 2015-04-17 10:01 - 01958008 _____ () c:\program files\opera\29.0.1795.47\opera_autoupdate.exe
2015-04-30 00:15 - 2015-04-30 00:15 - 00057856 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2011-02-14 23:57 - 2015-05-17 18:21 - 09498624 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2011-02-14 23:59 - 2015-05-17 18:24 - 01180160 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
2011-02-14 23:59 - 2015-05-17 18:24 - 01319424 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
2011-02-14 23:59 - 2015-05-17 18:24 - 00100352 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2011-02-14 23:59 - 2015-05-17 18:22 - 03066880 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2011-02-14 23:59 - 2015-05-17 18:24 - 00316416 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
2011-02-18 23:15 - 2015-05-17 20:54 - 00045568 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
2012-07-27 22:51 - 2012-07-27 22:51 - 06549432 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\authplay.dll
2015-04-30 00:15 - 2015-04-30 00:15 - 00305544 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
2011-02-14 23:59 - 2015-05-17 18:25 - 00014336 _____ () C:\Users\Lexy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2008-03-03 22:39 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2015-05-20 15:53 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DfSdkS => 3
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SamsungAllShareV2.0 => 2
MSCONFIG\Services: serviceIEConfig => 2
MSCONFIG\Services: SimpleSlideShowServer => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: vToolbarUpdater15.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: AllShareAgent =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service =>
MSCONFIG\startupreg: AutoStartNPSAgent => c:\program files\samsung\samsung new pc studio\npsagent.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Updater => "c:\program files\google\google updater\googleupdater.exe" -check_deprecation
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => khalmnpr.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: NcpBudgetGui => "c:\program files\lancom\advanced vpn client\ncpbudgetgui.exe" -start
MSCONFIG\startupreg: NcpPopup => "C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TomTomHOME.exe =>
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Lexy\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{78E22DB7-B77B-4EC8-A7CD-2F34595FF90D}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe
FirewallRules: [{1B8CD137-BEAB-461F-9DF7-D29C96EFBBA4}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe
FirewallRules: [{49679896-5EA7-448F-A3CB-1CF1C5D5937A}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe
FirewallRules: [{FD6549A7-3B54-45E7-8485-87538CC01817}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe
FirewallRules: [{C598880B-323C-4582-A0D5-37BF730714F9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{75339F18-4CF7-4E48-A9C9-E243273EB18C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0C75F875-80F6-47FD-B73D-E8F101853FC5}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D8420B1C-4C69-476F-808D-41BF87E497CD}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{B58D82AB-5689-4D8B-B86A-4DCD8F237CD1}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{8ED12532-C267-416A-98F4-161B28A004E9}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{E0666EA3-E127-4089-A4B6-F3F67CB27086}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{17BBCC43-953A-40BB-AB6E-AAC2666E6877}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{E44440C6-02FE-4003-B98F-66CE88E402EE}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{4A2C1C82-6AC7-4090-B226-19E775DB8331}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{FFCBC131-396A-4A12-8110-C2DB6DD8BFD4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{316B6993-98A7-49DC-A7A5-7511274368D6}] => (Allow) C:\Program Files\PPLive\PPLive.exe
FirewallRules: [{15D08214-15C6-411C-81CF-2E18E8DA7F47}] => (Allow) C:\Program Files\PPLive\PPLive.exe
FirewallRules: [TCP Query User{4527B42F-E487-4AA0-A7AE-117CBB0C272D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{EFEA7E9B-4F87-401B-9AF1-8C6CD0ABC163}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{6513C40B-9BB1-4069-8246-A7B1B80DBF7B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [UDP Query User{4672F9F9-1FA3-4C17-9CC6-F0977DD086D7}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [TCP Query User{FE4296B5-1FBF-4EAF-9400-6F50D267F1E9}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe
FirewallRules: [UDP Query User{707F14F2-05AC-4F1D-9596-8DBA3F59A11C}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe
FirewallRules: [TCP Query User{75A2F8B7-206C-40AA-971E-6CB10D2898DB}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe
FirewallRules: [UDP Query User{C1264FB3-5303-4F90-AB1D-75BB37B47FBA}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe
FirewallRules: [TCP Query User{052C97EE-670F-4899-81BA-9BFFD2FBB866}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{CF0B7CE9-B954-42C8-B834-A2BA3CF406C7}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{4F6E18A8-F82A-4534-9A53-58F6494017B6}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{9CFF79C9-DF75-4936-B437-359127255740}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{5E8FBB86-6DC7-492F-A04A-844CB89365C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [UDP Query User{06CA3D3C-517B-418C-9E30-972AE849406E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [TCP Query User{29FB5CDB-6B4D-4952-AF56-E9576C4B4738}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{BA3E48D0-F422-467C-9516-C95D0B81B38A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{947ACEFE-56DC-4AB4-AB88-C738AEA2FBB1}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe
FirewallRules: [UDP Query User{99EC694A-E76E-40DB-98CF-BEACE3F090EA}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe
FirewallRules: [TCP Query User{BD13C577-8FBB-42B3-92ED-C83C200A03C5}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe
FirewallRules: [UDP Query User{6368CC49-B230-4C5A-8F82-B812F4D33003}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe
FirewallRules: [TCP Query User{0EF2971B-D528-4F9D-8F16-496B90C4CC5B}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{03C2BF4A-261D-46E4-94F4-D9B7873E0011}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{78564D83-5790-4DBB-9D01-8A07C532AB75}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1D8F1BC8-FD3A-4592-A92D-94AD56B2FCE9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9CFB5ABB-FBC4-42BE-8239-038D8EECB1C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8B3B33CE-B8BC-41D7-AF1B-DFA60AD3B971}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{24CABB4B-93D0-4C44-A463-8900EBE5EDD1}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [UDP Query User{F4ED6E71-8A33-4359-9C8F-0C9B87ADEF6B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [TCP Query User{088DAB27-BC1D-41D3-9D3A-E18FAE52F782}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe
FirewallRules: [UDP Query User{8CB6BE55-97C9-4934-9E9F-5F6BE7CFF2E6}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe
FirewallRules: [{A5A3AB99-EDA7-4674-8366-748883443D34}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{780BE9A6-F38D-4B7C-BAF1-F4D0EFC8FCEA}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{5A9F5D9B-3B12-4786-A7B2-27F6D9DD29D2}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{308AD548-AA6C-4DF5-A90C-436B6E60FAF8}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [TCP Query User{3C6FB0BA-87CE-433E-87BF-027D1741C07B}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{1A18033D-874F-4D7D-825E-465E148B754E}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{E753399B-0EB6-4E25-BB97-438C1E372876}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{A2668EDD-3310-46A2-95F7-6C94838F2AB5}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{FB2AF1DE-3FE1-400D-B6B7-DC0E919545E7}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{51F0B638-3A0F-4808-B3A2-25793FC9B270}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{F3CFC278-8F5F-4890-A32F-2495364EACD6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{7A4696BC-0C66-4C61-A67F-B6129CF476AF}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{56D1FA41-4BCB-4B01-AF88-BCB4D4C809F1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{D65F81F8-CA42-4061-B0E5-625DD0F5BBED}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{9F4645F3-5E13-4006-845C-1A87FA149E83}] => (Allow) LPort=80
FirewallRules: [{BC32EABE-D1BE-43EA-923B-60A0B398D914}] => (Allow) LPort=80
FirewallRules: [{5CB28410-B94A-469D-974D-6F05D2FFC43B}] => (Allow) LPort=80
FirewallRules: [TCP Query User{C1451A6F-7E74-40BD-A324-BA95533198C5}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BC333930-A9AF-49D0-A83E-2C2742ECFF0D}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{9F4BACB4-31F5-4BDD-AB40-E061783A63F3}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{023467E8-0BE5-493D-951F-0A16E7051871}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{BEAC78F8-C134-4503-9252-B01C97131481}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{BFFEF07C-CCC5-428D-AD79-11D65B0705DF}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{BF833142-F10C-4382-8F9F-6468D3CB1EC9}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{209F9465-39F1-4052-B15A-2759127B2FF7}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C11AB735-3BE2-4B32-80F8-D1573EAD4BEE}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8B6AB8B4-2DD2-4A23-812E-90075C822B0B}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [UDP Query User{E783ECEB-C97F-4E59-9224-4325520ACC87}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [TCP Query User{EE642530-844E-4700-AFD2-5F9CD6138942}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [UDP Query User{84443EAE-9CFF-4187-8ED0-28F3C4932916}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [{8DF8D55D-6B19-4635-925B-20BD592ED8AB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D497B358-AEA8-4F9D-A1F1-43E755633DC6}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe
FirewallRules: [{A35272B5-48D0-41DC-9894-B7FFC62AC937}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{1526B63F-04F3-4844-A008-2D5906E181C0}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{23BEB9F9-B2C2-42D5-88B2-ADF1AE7EA835}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C27D7843-EE0C-415F-A5C9-F74870BFC3AA}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{958DE50F-8FB0-4C3E-A1E1-98C027654282}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2389A4C2-7698-4DDE-AA40-E60D568740F1}] => (Allow) LPort=2869
FirewallRules: [{93E9F9FE-1463-4036-833F-B0CC95280471}] => (Allow) LPort=1900
FirewallRules: [{15279C77-74B9-4698-988B-DB0505D25755}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5106BB96-8F63-4A42-812A-DA53647C1540}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{DD9B30AD-D54A-4052-B884-831923B6B53D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7A81F545-EF43-4F8F-9509-CA2DAF1C51A2}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{BA80BEE1-CBFF-4AC8-88EA-DAFC800C6746}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25A500DF-23D8-4850-9BDD-196B3F63225F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B9E5812-CD6E-49C3-BF05-077CBA30F93C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9A25D5D8-E2BB-48E4-8935-000D41146CE3}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{F5F3C801-FC7B-4422-A690-1000E33BEC35}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe
FirewallRules: [UDP Query User{3B8D5BDD-2261-4379-A719-E659959D1625}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe
FirewallRules: [{F5B755D7-55CD-41F7-90A6-96EF6B5F5E9B}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{4238D6AA-03AB-43CB-8456-8CEE60CA706E}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{A3C6D047-0852-4BDF-82AA-FF0699459619}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{9EB85B0C-96E1-4E8E-B03B-CBE7356E9E05}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F902673F-689A-4576-9ECB-885FADA7EC37}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{554E9F2F-A3ED-41A9-8E74-55DC7D9E827A}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{AAA61FCC-BEFB-47E5-BD15-343E68EFA096}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{42485109-5CF5-4DD0-8321-080B68CE2948}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\uusee\UUSeePlayer.exe] => Enabled:UUPlayer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 04:26:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/20/2015 04:26:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/20/2015 04:26:29 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:25:53 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:25:47 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:23:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:22:31 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:22:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:19:36 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (05/20/2015 04:19:08 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1320) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 35278848 (0x00000000021a5000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 344660851405807555 (0x04c87b37e006dfc3) and the actual checksum was 349727323683544980 (0x04da7b25e067df94).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (05/20/2015 01:06:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY59

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\SYSTEM

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 01:06:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY59

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\SYSTEM

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:55:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY51

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\NETWORK SERVICE

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:55:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY51

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\NETWORK SERVICE

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY51

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\NETWORK SERVICE

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY51

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\NETWORK SERVICE

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY51

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\NETWORK SERVICE

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:49:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY59

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\SYSTEM

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:49:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 0.0.0.0

        Update Source: %NT AUTHORITY59

        Update Stage: 4.4.0304.00

        Source Path: 4.4.0304.01

        Signature Type: %NT AUTHORITY602

        Update Type: %NT AUTHORITY604

        User: NT AUTHORITY\SYSTEM

        Current Engine Version: %NT AUTHORITY605

        Previous Engine Version: %NT AUTHORITY606

        Error code: %NT AUTHORITY607

        Error description: %NT AUTHORITY608

Error: (05/20/2015 00:46:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Microsoft Security Essentials - 4.8.204.0 (KB3063822){1FA705FA-4023-4445-B2CA-A9B19F8A4C22}200


Microsoft Office Sessions:
=========================
Error: (01/05/2013 10:34:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28971 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (08/15/2012 06:18:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/02/2008 10:07:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/15/2007 08:42:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-20 19:14:56.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:55.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:54.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:53.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:52.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:52.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:51.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-20 19:14:50.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-14 07:31:20.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-14 07:31:19.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 76%
Total physical RAM: 2549.69 MB
Available physical RAM: 590.39 MB
Total Pagefile: 5320.18 MB
Available Pagefile: 2516.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.61 GB) (Free:25.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3DE4A73D)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=27)
Partition 2: (Active) - (Size=141.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-20 21:35:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\Lexy\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.1 ----

SSDT            90D4754E                                                                                                          ZwCreateSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwNotifyChangeKey [0x927E46E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwNotifyChangeMultipleKeys [0x927E4800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwOpenProcess [0x927E4010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwOpenThread [0x927E44D0]
SSDT            90D47558                                                                                                          ZwRequestWaitReplyPort
SSDT            90D47553                                                                                                          ZwSetContextThread
SSDT            90D4755D                                                                                                          ZwSetSecurityObject
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwSuspendProcess [0x927E4300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwSuspendThread [0x927E43E0]
SSDT            90D47562                                                                                                          ZwSystemDebugControl
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwTerminateProcess [0x927E4120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwTerminateThread [0x927E4210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                      ZwWriteVirtualMemory [0x927E45E0]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                    836C67D8 4 Bytes  [4E, 75, D4, 90] {DEC ESI; JNZ 0xffffffd7; NOP }
.text          ntkrnlpa.exe!KeSetEvent + 3BD                                                                                    836C6980 8 Bytes  [E0, 46, 7E, 92, 00, 48, 7E, ...] {LOOPNZ 0x48; JLE 0xffffff96; ADD [EAX+0x7e], CL; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 3F1                                                                                    836C69B4 4 Bytes  [10, 40, 7E, 92] {ADC [EAX+0x7e], AL; XCHG EDX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 40D                                                                                    836C69D0 4 Bytes  [D0, 44, 7E, 92] {ROL BYTE [ESI+EDI*2-0x6e], 0x1}
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                    836C6AFC 4 Bytes  [58, 75, D4, 90] {POP EAX; JNZ 0xffffffd7; NOP }
.text          ...                                                                                                             

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\Real\RealPlayer\Update\realsched.exe[2716] kernel32.dll!SetUnhandledExceptionFilter              7534A9BD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text          C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[6300] kernel32.dll!SetUnhandledExceptionFilter  7534A9BD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                          avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                        avgtdix.sys

---- EOF - GMER 2.1 ----

cosinus 20.05.2015 22:01
Hi und :hallo:

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    IObit Apps Toolbar v7.3

    IObit Toolbar Removal Tool

    IObit Toolbar v7.3

    RamBooster

    vShare.tv plugin 1.3

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Gib mir bitte Bescheid wenn das erledigt ist oder Probleme aufreten sollten.

alexbk 20.05.2015 22:47
Hallo Cosinus habe jetzt alle genannten Programme gelöscht. Ich hoffe, dass jetzt erst einmal alle Probleme weg sind. Brauchst du noch etwas von mir? Welches kostenlosen Schutzprogamm würdest du denn empfehlen?

Vielen Dank und Viele Grüße
Alexbk

cosinus 21.05.2015 10:43
Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


alexbk 21.05.2015 23:50
Hallo cosinus, wie empfohlen habe ich deine Ratschläge umgesetzt. Hier wie gewünscht die logs. Wie soll ich weiter vorgehe???

Code:
# AdwCleaner v4.205 - Logfile created 22/05/2015 at 00:09:16
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Lexy - LEXY-PC
# Running from : C:\Users\Lexy\Downloads\AdwCleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Application Updater
[#] Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files\ATDheNetTVApp.com
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Lexy\AppData\Local\iLivid
Folder Deleted : C:\Users\Lexy\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Lexy\AppData\Local\PackageAware
Folder Deleted : C:\Users\Lexy\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Lexy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Lexy\AppData\Roaming\DSite
Folder Deleted : C:\Users\Lexy\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Lexy\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Lexy\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Lexy\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Lexy\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgnhgbflngpggpmpfdkhmhmfdophhepe
Folder Deleted : C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
File Deleted : C:\END
File Deleted : C:\Users\Lexy\AppData\Roaming\AVSDVDPlayer.m3u
File Deleted : C:\Program Files\Mozilla Firefox\components\AskSearch.js
File Deleted : C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\invalidprefs.js
File Deleted : C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\user.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
File Deleted : C:\Users\Lexy\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.softonic.de_0.localstorage
File Deleted : C:\Users\Lexy\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.softonic.de_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKCU\Software\9e8fd8bd38ed13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{539F31C0-3B74-40B9-A47D-9655DDEBB7EC}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\qtrax
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\IObit Apps
Key Deleted : HKCU\Software\AppDataLow\Software\YTKaraoke
Key Deleted : HKCU\Software\AppDataLow\Software\IObit Apps
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\eRightSoft\OpenCandy
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\IObit Apps
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\vShare.tv
Key Deleted : HKU\.DEFAULT\Software\IObit Apps
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\loadtbs-3.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.1 (x86 de)

[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "nv2");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cntry", "DE");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltsrch", true);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hdrMd5", "A3E32C601D918AEDC10978A82B56D232");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv2&cd=2XzuyEtN2Y1L1QzutDtBtDtD0ByEzzyDzztA0F0CzyyEtC0BtN0D0Tzu0CyEyCyDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1258449019[...]
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hrdid", "0200B48583FC941B");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "0200B48583FC941B");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlday", "15804");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlref", "");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", "false");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.keywordurl", "");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.monitorreport", true);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newtab", "false");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=nv2&cd=2XzuyEtN2Y1L1QzutDtBtDtD0ByEzzyDzztA0F0CzyyEtC0BtN0D0Tzu0CyEyCyDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=12584490[...]
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"252\",\"lastVrsn\":\"252\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.sg", "none");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.smplgrp", "free");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srch", "");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Funmoods");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=nv2&cd=2XzuyEtN2Y1L1QzutDtBtDtD0ByEzzyDzztA0F0CzyyEtC0BtN0D0Tzu0CyEyCyDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=125844[...]
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.8.11.0");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.8.11.0");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsnts", "");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "9-3-2013");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.hmpg", true);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.021:31:7");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
[xft0vk8n.default-1363947649468\prefs.js] - Line Deleted : user_pref("extentions.y2layers.installId", "3d326580-6768-4b9e-a190-63ce44f8ee32");

-\\ Google Chrome v


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [14111 bytes] - [22/05/2015 00:05:13]
AdwCleaner[S0].txt - [14730 bytes] - [22/05/2015 00:09:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14790  bytes] ##########
mbam

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.05.2015
Suchlauf-Zeit: 23:04:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.21.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Lexy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390043
Verstrichene Zeit: 51 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Lexy on 22.05.2015 at  0:38:16,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Lexy\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lexy\appdata\local\{6C36B345-85D2-439C-B66E-260A225967C5}
Successfully deleted: [Empty Folder] C:\Users\Lexy\appdata\local\{E185B054-FF46-4788-A670-7C7072AEEE8F}



~~~ FireFox

Successfully deleted the following from C:\Users\Lexy\AppData\Roaming\mozilla\firefox\profiles\xft0vk8n.default-1363947649468\prefs.js

user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.bbDpng, 26);
user_pref(extensions.delta.cntry, DE);
user_pref(extensions.delta.dfltLng, de);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.hdrMd5, 6B3B346821B9C75694BFB3B4A352212D);
user_pref(extensions.delta.id, b8a1941b0000000000000200b48583fc);
user_pref(extensions.delta.instlDay, 15973);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.lastVrsnTs, 1.8.24.615:03:24);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.sg, er);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.24.6);
user_pref(extensions.delta.vrsnTs, 1.8.24.615:03:24);
user_pref(extensions.delta.vrsni, 1.8.24.6);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=119357&tt=240913_246&tsp=5016);
user_pref(extensions.delta_i.srcExt, ss);
Emptied folder: C:\Users\Lexy\AppData\Roaming\mozilla\firefox\profiles\xft0vk8n.default-1363947649468\minidumps [190 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2015 at  0:42:04,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frst

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by Lexy (administrator) on LEXY-PC on 22-05-2015 00:44:57
Running from C:\Users\Lexy\Desktop
Loaded Profiles: Lexy (Available profiles: Lexy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-11-13] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll [2007-07-25] (Sony Corporation)
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {11b66750-b5e2-11de-9df8-001bfb57dcd1} - explorer .\Start.htm
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {39296a35-1998-11e1-b200-001e101f1838} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {858936fd-2a7a-11e1-9f04-001a804a3ef4} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {8bdb5a25-1eb6-11dd-a0f9-001bfb57dcd1} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147ad3-cb2b-11e0-a807-001a804a3ef4} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147b0c-cb2b-11e0-a807-001e101f82a0} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {f83f8188-d23d-11e0-9eab-001e101f4da1} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-23]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0E8310AC-7BDC-4C45-8159-319CC44B4E9A} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {559EBC72-CCE9-42AE-8E31-119F867AC22D} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {5AFA46B7-57B8-4318-BC64-44C5A7F12DDE} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-21] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll [2008-11-26] (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2010-04-26] ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-27] (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3626444559-52657498-4274862289-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lexy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008-06-02] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-04-02] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-20]
FF Extension: Ghostery - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\firefox@ghostery.com.xpi [2015-05-15]
FF Extension: NoScript - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-02]

Chrome:
=======
CHR Profile: C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH)
S2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [1400584 2014-02-28] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-15] (mquadr.at softwareengineering und consulting gmbh)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed]
S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-25] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-11] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [File not signed]
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [File not signed]
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-12-15] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-07-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-02-25] () [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 00:44 - 2015-05-22 00:44 - 00000000 ____D () C:\Users\Lexy\Desktop\FRST-OlderVersion
2015-05-22 00:42 - 2015-05-22 00:42 - 00002586 _____ () C:\Users\Lexy\Desktop\JRT.txt
2015-05-22 00:39 - 2015-05-22 00:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEXY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-22 00:38 - 2015-05-22 00:38 - 00000000 ____D () C:\RegBackup
2015-05-22 00:36 - 2015-05-22 00:37 - 02720009 _____ (Thisisu) C:\Users\Lexy\Desktop\JRT.exe
2015-05-22 00:30 - 2015-05-22 00:30 - 00014871 _____ () C:\Users\Lexy\Desktop\AdwCleaner[S0].txt
2015-05-22 00:05 - 2015-05-22 00:23 - 00000000 ____D () C:\AdwCleaner
2015-05-22 00:00 - 2015-05-22 00:01 - 00001212 _____ () C:\Users\Lexy\Desktop\mbam.txt
2015-05-21 23:07 - 2015-05-21 23:07 - 02222592 _____ () C:\Users\Lexy\Downloads\AdwCleaner_4.205.exe
2015-05-21 22:57 - 2015-05-22 00:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 22:56 - 2015-05-21 22:56 - 00000915 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-21 22:56 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 22:56 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 22:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 22:37 - 2015-05-21 22:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(2).exe
2015-05-21 22:20 - 2015-05-21 22:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-21 22:14 - 2015-05-21 22:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 11:49 - 2015-05-21 11:49 - 00000000 ____D () C:\Program Files\ESET
2015-05-21 11:48 - 2015-05-21 11:48 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_deu.exe
2015-05-21 11:35 - 2015-05-21 11:35 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ___RD () C:\Program Files\Skype
2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-21 11:24 - 2015-05-21 11:19 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-21 11:23 - 2015-05-21 11:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-21 10:31 - 2015-05-21 10:33 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(2).exe
2015-05-21 10:27 - 2015-05-21 10:28 - 08343552 _____ () C:\Users\Lexy\Downloads\vec4_2.exe
2015-05-21 10:24 - 2015-05-21 10:25 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(1).exe
2015-05-21 10:23 - 2015-05-21 10:24 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040.exe
2015-05-21 07:28 - 2015-05-21 07:28 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-05-20 23:09 - 2015-05-20 23:09 - 00001075 _____ () C:\Users\Lexy\Desktop\Revo Uninstaller.lnk
2015-05-20 23:09 - 2015-05-20 23:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-20 23:08 - 2015-05-20 23:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lexy\Downloads\revosetup95.exe
2015-05-20 21:35 - 2015-05-20 21:35 - 00004664 _____ () C:\Users\Lexy\Desktop\Gmer.log
2015-05-20 20:43 - 2015-05-20 20:43 - 00000803 _____ () C:\Users\Lexy\Desktop\ESET online scanner.txt
2015-05-20 20:04 - 2015-05-20 20:04 - 00380416 _____ () C:\Users\Lexy\Desktop\Gmer-19357.exe
2015-05-20 19:16 - 2015-05-20 19:19 - 00075764 _____ () C:\Users\Lexy\Desktop\Addition.txt
2015-05-20 19:12 - 2015-05-22 00:44 - 00026282 _____ () C:\Users\Lexy\Desktop\FRST.txt
2015-05-20 19:11 - 2015-05-22 00:45 - 00000000 ____D () C:\FRST
2015-05-20 19:07 - 2015-05-20 19:08 - 00000470 _____ () C:\Users\Lexy\Desktop\defogger_disable.log
2015-05-20 19:07 - 2015-05-20 19:07 - 00000000 _____ () C:\Users\Lexy\defogger_reenable
2015-05-20 19:04 - 2015-05-20 19:04 - 00050477 _____ () C:\Users\Lexy\Desktop\Defogger.exe
2015-05-20 18:59 - 2015-05-22 00:44 - 01147392 _____ (Farbar) C:\Users\Lexy\Desktop\FRST.exe
2015-05-20 15:51 - 2015-05-20 15:51 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_enu.exe
2015-05-20 12:44 - 2015-05-21 10:33 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-20 12:43 - 2015-05-21 10:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-18 20:43 - 2015-05-18 20:43 - 01046430 _____ () C:\Users\Lexy\Downloads\STANDING.pdf.part
2015-05-18 00:21 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-18 00:21 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-18 00:21 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-18 00:21 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 00:21 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 23:27 - 2015-05-17 23:27 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 23:24 - 2015-05-17 23:25 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1(1).exe
2015-05-17 23:24 - 2015-05-17 23:24 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-17 19:52 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 19:52 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 19:52 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 19:52 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 19:52 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 19:52 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 19:52 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 19:52 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-17 19:52 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-17 19:51 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 19:07 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-17 19:06 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-17 19:04 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-17 19:04 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-17 19:02 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-17 19:00 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-17 19:00 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-17 19:00 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 19:00 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 18:58 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-17 18:56 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 18:56 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-17 18:56 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 18:56 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 18:47 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 18:46 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-17 18:46 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-17 18:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 18:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-17 18:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 18:45 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 18:45 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 18:45 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-17 18:31 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-17 18:30 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-17 18:30 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-17 18:26 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 18:19 - 2015-05-17 18:21 - 00000000 ____D () C:\Users\Lexy\AppData\Local\PDFCreator
2015-05-17 18:18 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-17 18:17 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-17 18:11 - 2015-05-17 18:11 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-17 18:10 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-16 10:28 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-16 10:28 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-16 10:27 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-16 10:24 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 10:19 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-16 10:15 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-16 10:14 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-15 18:05 - 2015-05-15 18:07 - 00000000 ____D () C:\Users\Lexy\Desktop\STICK
2015-05-14 07:29 - 2015-05-14 07:29 - 00000000 ____D () C:\Users\Lexy\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 00:43 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 00:43 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 00:39 - 2014-02-22 18:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 00:37 - 2012-03-02 22:04 - 01132409 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 00:29 - 2012-01-26 23:16 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-22 00:27 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 00:25 - 2014-04-09 23:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-22 00:25 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files\Opera
2015-05-22 00:25 - 2013-12-29 11:59 - 00513720 _____ () C:\Windows\PFRO.log
2015-05-22 00:24 - 2007-08-02 04:03 - 00003204 _____ () C:\Windows\bthservsdp.dat
2015-05-22 00:24 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-21 23:57 - 2014-01-11 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 22:18 - 2013-07-22 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 14:05 - 2013-12-15 11:33 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-05-21 11:35 - 2014-02-19 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-21 11:35 - 2007-12-04 00:38 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 11:30 - 2013-09-21 09:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-21 11:17 - 2007-08-02 04:48 - 00000000 ____D () C:\Program Files\Java
2015-05-21 10:56 - 2007-12-04 00:42 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Skype
2015-05-21 10:51 - 2009-02-01 22:21 - 00000000 ____D () C:\Update
2015-05-21 10:46 - 2014-03-20 21:18 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-21 10:42 - 2011-05-22 11:30 - 00000000 ____D () C:\Program Files\IObit
2015-05-21 10:33 - 2011-01-26 23:43 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-21 10:20 - 2014-04-14 23:31 - 00000000 _____ () C:\Windows\Model.log
2015-05-21 10:20 - 2009-02-01 22:27 - 00000023 _____ () C:\Windows\Model.txt
2015-05-21 07:28 - 2007-08-02 04:42 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-05-21 07:28 - 2007-08-02 04:40 - 00000000 ____D () C:\Program Files\Sony
2015-05-21 00:03 - 2008-01-04 21:51 - 00000000 ____D () C:\Program Files\Buhl finance
2015-05-21 00:03 - 2007-08-02 04:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-20 23:54 - 2012-12-21 00:21 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2015-05-20 23:50 - 2012-04-04 07:06 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi
2015-05-20 23:45 - 2009-12-12 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2015-05-20 19:07 - 2007-11-24 16:31 - 00000000 ____D () C:\Users\Lexy
2015-05-20 15:45 - 2014-01-27 23:15 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\QuickScan
2015-05-19 23:02 - 2012-07-17 20:24 - 00001752 ____H () C:\Users\Lexy\Documents\Default.rdp
2015-05-18 21:32 - 2014-02-22 18:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 21:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-18 20:10 - 2013-07-16 10:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 16:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-18 16:14 - 2006-11-02 12:33 - 00006798 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 16:06 - 2006-11-02 14:47 - 00442120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 16:03 - 2014-02-16 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-18 16:03 - 2013-03-21 23:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 23:27 - 2011-03-26 17:44 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 19:06 - 2007-10-10 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 18:12 - 2012-10-14 20:20 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-17 17:57 - 2011-06-16 19:53 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-16 10:21 - 2010-06-07 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 10:20 - 2008-06-01 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 18:57 - 2012-05-17 08:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-15 18:57 - 2011-08-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2011-08-02 18:27 - 2011-07-14 10:31 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2012-07-11 22:12 - 2012-07-11 22:15 - 0002415 _____ () C:\Users\Lexy\AppData\Roaming\hamster_installer_log.txt
2008-10-04 13:13 - 2011-06-12 21:19 - 0027657 _____ () C:\Users\Lexy\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2008-12-29 20:38 - 2011-04-11 22:20 - 0009521 _____ () C:\Users\Lexy\AppData\Roaming\mdbu.bin
2009-10-04 12:02 - 2009-10-04 12:02 - 0000760 _____ () C:\Users\Lexy\AppData\Roaming\setup_ldm.iss
2014-06-19 08:11 - 2014-06-19 08:11 - 0000024 _____ () C:\Users\Lexy\AppData\Roaming\temp.ini
2012-01-26 23:34 - 2012-01-26 23:34 - 0020289 _____ () C:\Users\Lexy\AppData\Roaming\UserTile.png
2007-11-25 02:26 - 2007-12-05 21:36 - 0000572 _____ () C:\Users\Lexy\AppData\Roaming\wklnhst.dat
2010-11-20 22:11 - 2012-06-11 01:14 - 0001188 _____ () C:\Users\Lexy\AppData\Local\crc32list11.txt
2007-12-04 00:39 - 2007-12-04 00:39 - 0000552 _____ () C:\Users\Lexy\AppData\Local\d3d8caps.dat
2008-02-22 20:02 - 2012-03-02 23:32 - 0001356 _____ () C:\Users\Lexy\AppData\Local\d3d9caps.dat
2007-11-24 16:39 - 2014-02-08 11:33 - 0154624 _____ () C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 22:15 - 2012-07-11 22:15 - 0000393 _____ () C:\Users\Lexy\AppData\Local\HamsterVideoConverterSettings.cfg
2009-03-10 22:38 - 2009-04-15 09:29 - 0000089 _____ () C:\Users\Lexy\AppData\Local\qeymg.bat
2009-04-07 17:08 - 2009-04-10 08:44 - 0313413 _____ () C:\Users\Lexy\AppData\Local\ywwamqw_nav.dat
2014-01-27 23:49 - 2014-01-27 23:49 - 0764668 _____ () C:\ProgramData\1390858327.bdinstall.bin
2014-03-22 21:47 - 2014-03-22 21:47 - 0092109 _____ () C:\ProgramData\1395517664.bdinstall.bin
2014-03-22 21:50 - 2014-03-22 21:50 - 0250923 _____ () C:\ProgramData\1395517667.bdinstall.bin
2007-12-05 21:11 - 2007-12-05 21:11 - 0000032 _____ () C:\ProgramData\ezsid.dat
2008-06-01 14:36 - 2008-06-01 14:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-01 14:35 - 2011-05-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2007-10-10 05:18 - 2007-10-10 05:19 - 1132112 _____ () C:\ProgramData\pswi_preloaded.exe

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe


Some files in TEMP:
====================
C:\Users\Lexy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Lexy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lexy\AppData\Local\Temp\GLF20FD.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3105.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3A3F.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF4AE.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5263.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5EED.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6219.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6756.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6802.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6FA0.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF7A24.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF878C.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF8801.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF936A.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF9BC8.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFA9D3.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFD436.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE24B.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE8BE.EXE
C:\Users\Lexy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lexy\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Lexy\AppData\Local\Temp\lowproc.exe
C:\Users\Lexy\AppData\Local\Temp\promote-upx.exe
C:\Users\Lexy\AppData\Local\Temp\Quarantine.exe
C:\Users\Lexy\AppData\Local\Temp\SHSetup.exe
C:\Users\Lexy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lexy\AppData\Local\Temp\sqlite3.dll
C:\Users\Lexy\AppData\Local\Temp\stubhelper.dll
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Lexy\AppData\Local\Temp\_is6F6D.exe
C:\Users\Lexy\AppData\Local\Temp\_is98DD.exe
C:\Users\Lexy\AppData\Local\Temp\_isA466.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 00:32

==================== End of log ============================

cosinus 22.05.2015 10:01
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

alexbk 22.05.2015 11:26
frst
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by Lexy (administrator) on LEXY-PC on 22-05-2015 11:08:35
Running from C:\Users\Lexy\Desktop
Loaded Profiles: Lexy (Available profiles: Lexy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe
() C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Expert System S.p.A.) C:\Program Files\Duden\Duden Korrektor\DKCore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-11-13] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-04-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll [2007-07-25] (Sony Corporation)
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {11b66750-b5e2-11de-9df8-001bfb57dcd1} - explorer .\Start.htm
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {39296a35-1998-11e1-b200-001e101f1838} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {858936fd-2a7a-11e1-9f04-001a804a3ef4} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {8bdb5a25-1eb6-11dd-a0f9-001bfb57dcd1} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147ad3-cb2b-11e0-a807-001a804a3ef4} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {90147b0c-cb2b-11e0-a807-001e101f82a0} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\MountPoints2: {f83f8188-d23d-11e0-9eab-001e101f4da1} - F:\AutoRun.exe
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-23]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {0E8310AC-7BDC-4C45-8159-319CC44B4E9A} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {559EBC72-CCE9-42AE-8E31-119F867AC22D} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {5AFA46B7-57B8-4318-BC64-44C5A7F12DDE} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> {76D942BC-59C4-4034-B456-48CE494193B8} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-21] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-07-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll [2008-11-26] (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [2010-04-26] ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-27] (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3626444559-52657498-4274862289-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lexy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-13] (Citrix Online)
FF Extension: Bitdefender QuickScan - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-20]
FF Extension: Ghostery - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\firefox@ghostery.com.xpi [2015-05-15]
FF Extension: NoScript - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Lexy\AppData\Roaming\Mozilla\Firefox\Profiles\xft0vk8n.default-1363947649468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-22]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-02]

Chrome:
=======
CHR Profile: C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lexy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2011-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2011-12-15] (Avira Operations GmbH & Co. KG)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [1400584 2014-02-28] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [662416 2009-04-15] (mquadr.at softwareengineering und consulting gmbh)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
R2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2007-11-09] (ArcSoft, Inc.)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed]
S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-25] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-11] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-21] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-21] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74640 2011-12-15] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137416 2012-02-15] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-07-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [87888 2014-02-28] (NCP Engineering GmbH)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-02-25] () [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [27648 2009-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 10:31 - 2015-05-22 10:31 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-22 10:31 - 2015-05-22 10:31 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-22 10:31 - 2015-05-22 10:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-22 10:14 - 2015-05-22 10:14 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1 (1).exe
2015-05-22 00:44 - 2015-05-22 00:44 - 00000000 ____D () C:\Users\Lexy\Desktop\FRST-OlderVersion
2015-05-22 00:42 - 2015-05-22 00:42 - 00002586 _____ () C:\Users\Lexy\Desktop\JRT.txt
2015-05-22 00:39 - 2015-05-22 00:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LEXY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-22 00:38 - 2015-05-22 00:38 - 00000000 ____D () C:\RegBackup
2015-05-22 00:36 - 2015-05-22 00:37 - 02720009 _____ (Thisisu) C:\Users\Lexy\Desktop\JRT.exe
2015-05-22 00:30 - 2015-05-22 00:30 - 00014871 _____ () C:\Users\Lexy\Desktop\AdwCleaner[S0].txt
2015-05-22 00:05 - 2015-05-22 00:23 - 00000000 ____D () C:\AdwCleaner
2015-05-22 00:00 - 2015-05-22 00:01 - 00001212 _____ () C:\Users\Lexy\Desktop\mbam.txt
2015-05-21 23:07 - 2015-05-21 23:07 - 02222592 _____ () C:\Users\Lexy\Downloads\AdwCleaner_4.205.exe
2015-05-21 22:57 - 2015-05-22 10:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 22:56 - 2015-05-21 22:56 - 00000915 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 22:56 - 2015-05-21 22:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-21 22:56 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 22:56 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 22:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 22:37 - 2015-05-21 22:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(2).exe
2015-05-21 22:20 - 2015-05-21 22:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-21 22:14 - 2015-05-21 22:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lexy\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 11:49 - 2015-05-21 11:49 - 00000000 ____D () C:\Program Files\ESET
2015-05-21 11:48 - 2015-05-21 11:48 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_deu.exe
2015-05-21 11:35 - 2015-05-21 11:35 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ___RD () C:\Program Files\Skype
2015-05-21 11:35 - 2015-05-21 11:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-21 11:24 - 2015-05-21 11:19 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-21 11:23 - 2015-05-21 11:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-21 10:31 - 2015-05-21 10:33 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(2).exe
2015-05-21 10:27 - 2015-05-21 10:28 - 08343552 _____ () C:\Users\Lexy\Downloads\vec4_2.exe
2015-05-21 10:24 - 2015-05-21 10:25 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040(1).exe
2015-05-21 10:23 - 2015-05-21 10:24 - 13662720 _____ (Sony Corporation ) C:\Users\Lexy\Downloads\VEC5_0_01_14040.exe
2015-05-21 07:28 - 2015-05-21 07:28 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-05-20 23:09 - 2015-05-20 23:09 - 00001075 _____ () C:\Users\Lexy\Desktop\Revo Uninstaller.lnk
2015-05-20 23:09 - 2015-05-20 23:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-20 23:08 - 2015-05-20 23:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lexy\Downloads\revosetup95.exe
2015-05-20 21:35 - 2015-05-20 21:35 - 00004664 _____ () C:\Users\Lexy\Desktop\Gmer.log
2015-05-20 20:43 - 2015-05-20 20:43 - 00000803 _____ () C:\Users\Lexy\Desktop\ESET online scanner.txt
2015-05-20 20:04 - 2015-05-20 20:04 - 00380416 _____ () C:\Users\Lexy\Desktop\Gmer-19357.exe
2015-05-20 19:16 - 2015-05-20 19:19 - 00075764 _____ () C:\Users\Lexy\Desktop\Addition.txt
2015-05-20 19:12 - 2015-05-22 11:08 - 00027160 _____ () C:\Users\Lexy\Desktop\FRST.txt
2015-05-20 19:11 - 2015-05-22 11:08 - 00000000 ____D () C:\FRST
2015-05-20 19:07 - 2015-05-20 19:08 - 00000470 _____ () C:\Users\Lexy\Desktop\defogger_disable.log
2015-05-20 19:07 - 2015-05-20 19:07 - 00000000 _____ () C:\Users\Lexy\defogger_reenable
2015-05-20 19:04 - 2015-05-20 19:04 - 00050477 _____ () C:\Users\Lexy\Desktop\Defogger.exe
2015-05-20 18:59 - 2015-05-22 00:44 - 01147392 _____ (Farbar) C:\Users\Lexy\Desktop\FRST.exe
2015-05-20 15:51 - 2015-05-20 15:51 - 02347384 _____ (ESET) C:\Users\Lexy\Downloads\esetsmartinstaller_enu.exe
2015-05-20 12:44 - 2015-05-21 10:33 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-20 12:43 - 2015-05-21 10:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-18 20:43 - 2015-05-18 20:43 - 01046430 _____ () C:\Users\Lexy\Downloads\STANDING.pdf.part
2015-05-18 00:21 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-18 00:21 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-18 00:21 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-18 00:21 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-18 00:21 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 00:21 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 00:21 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 23:24 - 2015-05-17 23:25 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1(1).exe
2015-05-17 23:24 - 2015-05-17 23:24 - 00243656 _____ () C:\Users\Lexy\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-17 19:52 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 19:52 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 19:52 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 19:52 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 19:52 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 19:52 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-17 19:52 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 19:52 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 19:52 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-17 19:52 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-17 19:52 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-17 19:51 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 19:07 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-17 19:06 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-17 19:04 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-17 19:04 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-17 19:02 - 2014-06-16 00:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-17 19:02 - 2014-06-13 20:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-17 19:00 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-17 19:00 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-17 19:00 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 19:00 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 18:58 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-17 18:56 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 18:56 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-17 18:56 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 18:56 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 18:47 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 18:46 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-17 18:46 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-17 18:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 18:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-17 18:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 18:45 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 18:45 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 18:45 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-17 18:31 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-17 18:30 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-17 18:30 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-17 18:26 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 18:19 - 2015-05-17 18:21 - 00000000 ____D () C:\Users\Lexy\AppData\Local\PDFCreator
2015-05-17 18:18 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-17 18:17 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-17 18:11 - 2015-05-17 18:11 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-05-17 18:10 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-16 10:28 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-16 10:28 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-16 10:28 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-16 10:27 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-16 10:27 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-16 10:24 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 10:19 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-16 10:15 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-16 10:14 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-15 18:05 - 2015-05-15 18:07 - 00000000 ____D () C:\Users\Lexy\Desktop\STICK
2015-05-14 07:29 - 2015-05-14 07:29 - 00000000 ____D () C:\Users\Lexy\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 10:57 - 2014-01-11 23:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-22 10:32 - 2014-02-16 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-22 10:27 - 2007-12-04 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-22 10:14 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files\Opera
2015-05-22 10:12 - 2012-03-02 22:04 - 01289324 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 10:10 - 2012-01-26 23:16 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-22 10:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 10:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 10:07 - 2014-02-22 18:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 10:07 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 01:28 - 2007-08-02 04:03 - 00003204 _____ () C:\Windows\bthservsdp.dat
2015-05-22 01:28 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-22 01:27 - 2014-01-27 23:15 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\QuickScan
2015-05-22 00:25 - 2014-04-09 23:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-22 00:25 - 2013-12-29 11:59 - 00513720 _____ () C:\Windows\PFRO.log
2015-05-21 22:18 - 2013-07-22 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 14:05 - 2013-12-15 11:33 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-05-21 11:35 - 2014-02-19 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-21 11:35 - 2007-12-04 00:38 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 11:30 - 2013-09-21 09:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-21 11:17 - 2007-08-02 04:48 - 00000000 ____D () C:\Program Files\Java
2015-05-21 10:56 - 2007-12-04 00:42 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Skype
2015-05-21 10:51 - 2009-02-01 22:21 - 00000000 ____D () C:\Update
2015-05-21 10:46 - 2014-03-20 21:18 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-21 10:42 - 2011-05-22 11:30 - 00000000 ____D () C:\Program Files\IObit
2015-05-21 10:33 - 2011-01-26 23:43 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-21 10:20 - 2014-04-14 23:31 - 00000000 _____ () C:\Windows\Model.log
2015-05-21 10:20 - 2009-02-01 22:27 - 00000023 _____ () C:\Windows\Model.txt
2015-05-21 07:28 - 2007-08-02 04:42 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-05-21 07:28 - 2007-08-02 04:40 - 00000000 ____D () C:\Program Files\Sony
2015-05-21 00:03 - 2008-01-04 21:51 - 00000000 ____D () C:\Program Files\Buhl finance
2015-05-21 00:03 - 2007-08-02 04:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-20 23:54 - 2012-12-21 00:21 - 00000000 ____D () C:\ProgramData\Gigaset QuickSync
2015-05-20 23:50 - 2012-04-04 07:06 - 00000000 ____D () C:\Users\Lexy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi
2015-05-20 23:45 - 2009-12-12 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2015-05-20 19:07 - 2007-11-24 16:31 - 00000000 ____D () C:\Users\Lexy
2015-05-19 23:02 - 2012-07-17 20:24 - 00001752 ____H () C:\Users\Lexy\Documents\Default.rdp
2015-05-18 21:32 - 2014-02-22 18:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 21:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-18 20:10 - 2013-07-16 10:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 16:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-18 16:14 - 2006-11-02 12:33 - 00006798 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 16:06 - 2006-11-02 14:47 - 00442120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-18 00:23 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 19:06 - 2007-10-10 05:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 18:12 - 2012-10-14 20:20 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-17 17:57 - 2011-06-16 19:53 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-16 10:21 - 2010-06-07 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 10:20 - 2008-06-01 14:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 18:57 - 2012-05-17 08:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-15 18:57 - 2011-08-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-30 10:07 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2011-08-02 18:27 - 2011-07-14 10:31 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2012-07-11 22:12 - 2012-07-11 22:15 - 0002415 _____ () C:\Users\Lexy\AppData\Roaming\hamster_installer_log.txt
2008-10-04 13:13 - 2011-06-12 21:19 - 0027657 _____ () C:\Users\Lexy\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2008-12-29 20:38 - 2011-04-11 22:20 - 0009521 _____ () C:\Users\Lexy\AppData\Roaming\mdbu.bin
2009-10-04 12:02 - 2009-10-04 12:02 - 0000760 _____ () C:\Users\Lexy\AppData\Roaming\setup_ldm.iss
2014-06-19 08:11 - 2014-06-19 08:11 - 0000024 _____ () C:\Users\Lexy\AppData\Roaming\temp.ini
2012-01-26 23:34 - 2012-01-26 23:34 - 0020289 _____ () C:\Users\Lexy\AppData\Roaming\UserTile.png
2007-11-25 02:26 - 2007-12-05 21:36 - 0000572 _____ () C:\Users\Lexy\AppData\Roaming\wklnhst.dat
2010-11-20 22:11 - 2012-06-11 01:14 - 0001188 _____ () C:\Users\Lexy\AppData\Local\crc32list11.txt
2007-12-04 00:39 - 2007-12-04 00:39 - 0000552 _____ () C:\Users\Lexy\AppData\Local\d3d8caps.dat
2008-02-22 20:02 - 2012-03-02 23:32 - 0001356 _____ () C:\Users\Lexy\AppData\Local\d3d9caps.dat
2007-11-24 16:39 - 2014-02-08 11:33 - 0154624 _____ () C:\Users\Lexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 22:15 - 2012-07-11 22:15 - 0000393 _____ () C:\Users\Lexy\AppData\Local\HamsterVideoConverterSettings.cfg
2009-03-10 22:38 - 2009-04-15 09:29 - 0000089 _____ () C:\Users\Lexy\AppData\Local\qeymg.bat
2009-04-07 17:08 - 2009-04-10 08:44 - 0313413 _____ () C:\Users\Lexy\AppData\Local\ywwamqw_nav.dat
2014-01-27 23:49 - 2014-01-27 23:49 - 0764668 _____ () C:\ProgramData\1390858327.bdinstall.bin
2014-03-22 21:47 - 2014-03-22 21:47 - 0092109 _____ () C:\ProgramData\1395517664.bdinstall.bin
2014-03-22 21:50 - 2014-03-22 21:50 - 0250923 _____ () C:\ProgramData\1395517667.bdinstall.bin
2007-12-05 21:11 - 2007-12-05 21:11 - 0000032 _____ () C:\ProgramData\ezsid.dat
2008-06-01 14:36 - 2008-06-01 14:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-01 14:35 - 2011-05-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2007-10-10 05:18 - 2007-10-10 05:19 - 1132112 _____ () C:\ProgramData\pswi_preloaded.exe

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe


Some files in TEMP:
====================
C:\Users\Lexy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Lexy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lexy\AppData\Local\Temp\GLF20FD.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3105.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF3A3F.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF4AE.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5263.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF5EED.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6219.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6756.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6802.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF6FA0.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF7A24.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF878C.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF8801.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF936A.EXE
C:\Users\Lexy\AppData\Local\Temp\GLF9BC8.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFA9D3.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFD436.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE24B.EXE
C:\Users\Lexy\AppData\Local\Temp\GLFE8BE.EXE
C:\Users\Lexy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lexy\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Lexy\AppData\Local\Temp\lowproc.exe
C:\Users\Lexy\AppData\Local\Temp\promote-upx.exe
C:\Users\Lexy\AppData\Local\Temp\Quarantine.exe
C:\Users\Lexy\AppData\Local\Temp\SHSetup.exe
C:\Users\Lexy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lexy\AppData\Local\Temp\sqlite3.dll
C:\Users\Lexy\AppData\Local\Temp\stubhelper.dll
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Lexy\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Lexy\AppData\Local\Temp\_is6F6D.exe
C:\Users\Lexy\AppData\Local\Temp\_is98DD.exe
C:\Users\Lexy\AppData\Local\Temp\_isA466.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 10:15

==================== End of log ============================
addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Lexy at 2015-05-22 11:10:35
Running from C:\Users\Lexy\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3626444559-52657498-4274862289-500 - Administrator - Disabled)
Guest (S-1-5-21-3626444559-52657498-4274862289-501 - Limited - Disabled)
Lexy (S-1-5-21-3626444559-52657498-4274862289-1002 - Administrator - Enabled) => C:\Users\Lexy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: LANCOM Advanced VPN Client (Disabled) {BEB21647-135A-7893-42A0-BBC3960C218D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoPlus (HKLM\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 10.00.0119 - INNOVA-engineering GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ArcSoft Magic-i Visual Effects Installer (HKLM\...\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}) (Version:  - ArcSoft)
AVS DVD Player version 2.4 (HKLM\...\AVS DVD Player_is1) (Version:  - Online Media Technologies Ltd.)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CadStd (HKLM\...\CadStd) (Version: 3.7.4 - Apperson & Daughters)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Click to DVD 2.0.05 Menu Data (HKLM\...\{9E407618-D9CD-4F39-9490-9ED45294073D}) (Version: 2.0.05 - Sony Corporation)
Click to DVD 2.6.00 (HKLM\...\{E809063C-51A3-4269-8984-D1EB742F2151}) (Version: 2.6.00 - Sony Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DSD Direct (HKLM\...\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}) (Version: 2.0.01 - Sony Corporation)
DSD Playback Plug-in (HKLM\...\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}) (Version: 1.1 - Sony Corporation)
DSL Connection Manager (Version: 2.0.0.17 - Telefónica o2 Germany GmbH & Co. OHG) Hidden
Duden Korrektor PLUS (HKLM\...\InstallShield_{541E5E15-7186-4395-9593-16D02765FF27}) (Version: 5.00.1507.00 - Duden)
Duden Korrektor PLUS (Version: 5.00.1507.00 - Duden) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Falk Navi-Manager (Version: 2.1.0.0 - Falk Marcopolo Interactive GmbH) Hidden
Falk Navi-Manager (Version: 2.7.0 - Falk Navigation GmbH) Hidden
Favorit (HKLM\...\qeymg) (Version:  - )
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 5.9.0.1207 (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version:  - )
GuG - Grundstücksmarkt und Grundstückswert (HKLM\...\{B4ACF448-765F-45B0-9C2A-05E426600A4C}) (Version: 1.0 - Wolters Kluwer Deutschland Information Services GmbH)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Instant Mode (HKLM\...\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}) (Version: 1.0.2 - InterVideo)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JiveX DICOM Viewer Light 4.4.2 (HKLM\...\JiveX DICOM Viewer Light 4.4.2) (Version:  - VISUS Technology Transfer GmbH)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LANCOM Advanced VPN Client (HKLM\...\NCP RWS/GA) (Version: 2.32 Build 218 - LANCOM Systems GmbH)
LocationFree Player (HKLM\...\{D937DD80-3928-4617-876F-538A25AECB17}) (Version: 3.02.0000 - Sony Corporation)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
OpenMG Limited Patch 4.7-07-15-19-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Regel 7.0 Standard Demo (HKLM\...\Regel 7.0 Standard Demo) (Version: 7.01 - HPW-Software)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (HKLM\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Samples Installer (HKLM\...\{7AC15160-A49B-4A89-B181-D4619C025FFF}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.0.00.07240 - Sony Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.3 - Sony Corporation)
SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.4 - Sony Corporation)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.11.14260 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.2.00 - Sony Corporation)
Sublight (HKLM\...\Sublight_is1) (Version: 4.0.0 - Sublight Labs)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TVUPlayer 2.5.2.2 (HKLM\...\TVUPlayer) (Version: 2.5.2.2 - TVU networks)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 (HKLM\...\UUSEE(ÓÆÊÓÍøÂçµçÊÓ)) (Version: 4.3.6.5 - UUSee company, Inc.)
VAIO Azure Float Wallpaper (HKLM\...\{0312BD0D-A1FE-4E1A-9208-D436F566D867}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Camera Capture Utility (HKLM\...\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}) (Version: 2.7.01.08030 - Sony Corporation)
VAIO Center Access Bar (HKLM\...\{C299F969-AE3D-4679-ADF5-682A186CE62E}) (Version: 1.00.0622 - Sony)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 1.0.00.07170 - Sony Corporation)
VAIO Content Importer  VAIO Content Exporter (Version: 1.4.73.04270 - Sony Corporation) Hidden
VAIO Content Importer / VAIO Content Exporter (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.4.73.04270 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}) (Version: 3.1.00.03103 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.1.00.03103 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.1.00.07110 - Sony Corporation)
VAIO Entertainment Center (HKLM\...\{E74F7423-77CB-4F6A-A44D-604E1010FE50}) (Version: 2.00.0711 - Sony)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.0.00.06280 - Sony Corporation)
VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 3.2.00.07240 - Sony Corporation)
VAIO Floral Dusk Wallpaper (HKLM\...\{B59B3DA8-06F8-4B4C-AE94-5180753EF108}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Help And Support (HKLM\...\{7D716354-2C08-48DC-9AC5-957348048817}) (Version: 3.10.0724.FZVP - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 1.0.00.07090 - Sony Corporation)
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version:  - )
VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version:  - Sony Corporation)
VAIO Media Integrated Server 6.1 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version:  - Sony Corporation)
VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.02.09240 - Sony Corporation)
VAIO Movie Story (Version: 1.0.00.18280 - Sony Corporation) Hidden
VAIO Movie Story 1.3 Upgrade (Version: 1.3.02.09240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 1.0.00.07090 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.0.00.07030 - Sony Corporation)
VAIO OOBE (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 3.00.0710 - Sony Corporation)
VAIO Original Function Settings (Version: 2.0.2.02240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM\...\{7C404084-C5A6-42FF-B731-0BAC79A6E134}) (Version: 2.0.2.02240 - Sony Corporation)
VAIO PC Wireless LAN Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.00.0716 - Sony)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.2.00.06130 - Sony Corporation)
VAIO Productivity Center (HKLM\...\{BABC878D-BB64-4688-9A88-1D9E88F339A9}) (Version: 2.00.0702 - Sony)
VAIO Security Center (HKLM\...\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}) (Version: 5.00.0716 - Sony Corporation)
VAIO Service Utility (HKLM\...\VAIO Service Utility) (Version: 1.1.1.3 - Sony)
VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 5.00.7207 - Sony)
VAIO Teal Whisper Wallpaper (HKLM\...\{235915A8-1C0D-4920-95EA-FE8B773E5F57}) (Version: 1.0.00.10100 - Sony Corporation)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
WIDCOMM Bluetooth Software 6.1.0.1203 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.1203 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.384 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.384 - InterVideo Inc.) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.00.18210 - Sony Corporation)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{16569F81-76A4-4339-8745-BE295A404D9B}\InprocServer32 -> C:\Users\Lexy\appdata\local\microsoft\Windows Sidebar\Gadgets\Video.Gadget\dll\AOLVideoGadgetHelper.dll (AOL)
CustomCLSID: HKU\S-1-5-21-3626444559-52657498-4274862289-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

21-05-2015 16:02:39 Scheduled Checkpoint
21-05-2015 22:11:10 Revo Uninstaller's restore point - AVG 2014
21-05-2015 22:26:33 AVG 2014 wurde entfernt
21-05-2015 22:32:53 Removed AVG 2014
22-05-2015 10:15:24 Revo Uninstaller's restore point - Mozilla Firefox 38.0.1 (x86 de)
22-05-2015 10:20:03 Revo Uninstaller's restore point - Apple Software Update
22-05-2015 10:23:01 Revo Uninstaller's restore point - Apple Mobile Device Support

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BB28EE-F330-4C8F-8DD9-51380D2DE6A6} - System32\Tasks\{DB02960D-3E88-4F50-80B9-90C6A3F5CF76} => Firefox.exe hxxp://www.skype.com/go/downloading?source=installer&amp;ver=7.4.85.102&amp;LastError=-9
Task: {13184BE2-ECFA-4607-B38F-4A677FEC7DCE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1BA0811D-9E53-421B-9380-FBB3084F8A92} - System32\Tasks\Opera scheduled Autoupdate 1398549131 => c:\program files\opera\launcher.exe [2015-05-18] (Opera Software)
Task: {1DEFA22E-F22F-4D7B-8992-59D93FD16AAC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1E423AF4-5D61-47F1-9659-80E740800CC8} - System32\Tasks\{C926E061-3CD6-4605-AD6D-51FB41686C06} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF6E1C\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF6E1C
Task: {1EF63912-26B9-45AB-9E78-51CE88ECAEDC} - System32\Tasks\{31D8B88E-6B28-4D94-B239-069674C107F0} => pcalua.exe -a "C:\Users\Lexy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I81YI66\q816506.exe" -d C:\Users\Lexy\Desktop
Task: {3AFDB2BD-46B7-46E8-8DEC-7DE5A066D708} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated)
Task: {3BA2BE2C-9925-49F1-A81C-B35EFCDA5B5A} - System32\Tasks\{D3E96DE9-9061-4E0D-99F4-11A89251A520} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.85.102/de/go/help.faq.installer?LastError=1603
Task: {41867401-B848-4F45-BEB8-4C04E3BA9BDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {4EFE2AA6-63D6-432A-A4DB-5E3D0DD282A1} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {750513BF-A40A-4FBC-837A-DA8D3395CF32} - System32\Tasks\{FEA3844A-A767-403F-A228-E4BC401617BC} => pcalua.exe -a "C:\Program Files\LANCOM\Advanced VPN Client\UNINST.EXE" -d "C:\Program Files\LANCOM\Advanced VPN Client"
Task: {7AE3B831-1023-4614-B006-0C4AD9A881AB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {9D072985-EF80-4BCB-830F-889986F4C856} - System32\Tasks\{811984AA-D715-4EB8-B0D9-CCB0832052AF} => c:\program files\opera\launcher.exe [2015-05-18] (Opera Software)
Task: {A857E555-7A14-4F9C-8D7D-CC11FF1540D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3626444559-52657498-4274862289-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AA3CEAC4-2784-470F-B81F-25A33017ACE8} - System32\Tasks\{6340DE61-6134-4A47-9B42-62C393E49845} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLF9F10\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLF9F10
Task: {ABBC905E-631C-477F-828C-A604F6C54B04} - System32\Tasks\{7BD98EDA-7CFE-463B-8AA2-22D8DFF9C883} => pcalua.exe -a C:\Users\Lexy\AppData\Local\Temp\GLFB6B0\EP0000187620.exe -d C:\Users\Lexy\AppData\Local\Temp\GLFB6B0
Task: {B3063F29-D8EF-4B30-BEF9-D771E53362A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {F3D0EA79-FE36-48D0-8D34-84BBDCBD6099} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-27] (Google)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2007-08-02 04:51 - 2007-06-29 14:56 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2014-04-21 22:02 - 2014-02-28 13:02 - 00108032 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpmif32.dll
2012-07-17 14:55 - 2002-06-28 10:16 - 00151552 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcfg.dll
2012-07-17 14:55 - 2013-11-11 15:02 - 00199168 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpdlg.dll
2012-07-17 14:55 - 2002-09-04 15:27 - 00102400 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpcry.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-07-17 14:55 - 2011-10-12 15:43 - 00148992 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpbudget2008.dll
2014-04-21 22:02 - 2011-04-21 07:11 - 00119808 _____ () C:\Program Files\LANCOM\Advanced VPN Client\NCPSEC.EXE
2014-04-21 22:02 - 2014-02-18 12:51 - 01817088 _____ () C:\Program Files\LANCOM\Advanced VPN Client\ncpgacc.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-05-21 11:19 - 2015-05-21 11:19 - 00019040 _____ () C:\Program Files\Java\jre1.8.0_45\bin\jp2native.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2007-04-15 21:44 - 2007-04-15 21:44 - 00898560 _____ () C:\Program Files\Duden\Duden Korrektor\libxml2.dll
2007-04-15 21:44 - 2007-04-15 21:44 - 00073728 _____ () C:\Program Files\Duden\Duden Korrektor\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3626444559-52657498-4274862289-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DfSdkS => 3
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SamsungAllShareV2.0 => 2
MSCONFIG\Services: serviceIEConfig => 2
MSCONFIG\Services: SimpleSlideShowServer => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: vToolbarUpdater15.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: AllShareAgent =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service =>
MSCONFIG\startupreg: AutoStartNPSAgent => c:\program files\samsung\samsung new pc studio\npsagent.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Updater => "c:\program files\google\google updater\googleupdater.exe" -check_deprecation
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => khalmnpr.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: NcpBudgetGui => "c:\program files\lancom\advanced vpn client\ncpbudgetgui.exe" -start
MSCONFIG\startupreg: NcpPopup => "C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TomTomHOME.exe =>
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Lexy\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{78E22DB7-B77B-4EC8-A7CD-2F34595FF90D}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe
FirewallRules: [{1B8CD137-BEAB-461F-9DF7-D29C96EFBBA4}] => (Allow) C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe
FirewallRules: [{49679896-5EA7-448F-A3CB-1CF1C5D5937A}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe
FirewallRules: [{FD6549A7-3B54-45E7-8485-87538CC01817}] => (Allow) C:\Program Files\Sony\VAIO Media 6.0\Vc.exe
FirewallRules: [TCP Query User{D8420B1C-4C69-476F-808D-41BF87E497CD}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{B58D82AB-5689-4D8B-B86A-4DCD8F237CD1}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{8ED12532-C267-416A-98F4-161B28A004E9}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{E0666EA3-E127-4089-A4B6-F3F67CB27086}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{17BBCC43-953A-40BB-AB6E-AAC2666E6877}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{E44440C6-02FE-4003-B98F-66CE88E402EE}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{4A2C1C82-6AC7-4090-B226-19E775DB8331}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{FFCBC131-396A-4A12-8110-C2DB6DD8BFD4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [{316B6993-98A7-49DC-A7A5-7511274368D6}] => (Allow) C:\Program Files\PPLive\PPLive.exe
FirewallRules: [{15D08214-15C6-411C-81CF-2E18E8DA7F47}] => (Allow) C:\Program Files\PPLive\PPLive.exe
FirewallRules: [TCP Query User{4527B42F-E487-4AA0-A7AE-117CBB0C272D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{EFEA7E9B-4F87-401B-9AF1-8C6CD0ABC163}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{6513C40B-9BB1-4069-8246-A7B1B80DBF7B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [UDP Query User{4672F9F9-1FA3-4C17-9CC6-F0977DD086D7}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [TCP Query User{FE4296B5-1FBF-4EAF-9400-6F50D267F1E9}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe
FirewallRules: [UDP Query User{707F14F2-05AC-4F1D-9596-8DBA3F59A11C}C:\program files\zattoo\zattood.exe] => (Allow) C:\program files\zattoo\zattood.exe
FirewallRules: [TCP Query User{75A2F8B7-206C-40AA-971E-6CB10D2898DB}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe
FirewallRules: [UDP Query User{C1264FB3-5303-4F90-AB1D-75BB37B47FBA}C:\program files\zattoo\zattoo.exe] => (Allow) C:\program files\zattoo\zattoo.exe
FirewallRules: [TCP Query User{052C97EE-670F-4899-81BA-9BFFD2FBB866}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{CF0B7CE9-B954-42C8-B834-A2BA3CF406C7}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [TCP Query User{4F6E18A8-F82A-4534-9A53-58F6494017B6}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{9CFF79C9-DF75-4936-B437-359127255740}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{5E8FBB86-6DC7-492F-A04A-844CB89365C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [UDP Query User{06CA3D3C-517B-418C-9E30-972AE849406E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [TCP Query User{29FB5CDB-6B4D-4952-AF56-E9576C4B4738}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{BA3E48D0-F422-467C-9516-C95D0B81B38A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{947ACEFE-56DC-4AB4-AB88-C738AEA2FBB1}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe
FirewallRules: [UDP Query User{99EC694A-E76E-40DB-98CF-BEACE3F090EA}C:\program files\simplecenter\home media server.exe] => (Allow) C:\program files\simplecenter\home media server.exe
FirewallRules: [TCP Query User{BD13C577-8FBB-42B3-92ED-C83C200A03C5}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe
FirewallRules: [UDP Query User{6368CC49-B230-4C5A-8F82-B812F4D33003}C:\program files\uusee\uuseeplayer.exe] => (Allow) C:\program files\uusee\uuseeplayer.exe
FirewallRules: [TCP Query User{0EF2971B-D528-4F9D-8F16-496B90C4CC5B}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{03C2BF4A-261D-46E4-94F4-D9B7873E0011}C:\program files\tvuplayer\tvuplayer.exe] => (Block) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [{9CFB5ABB-FBC4-42BE-8239-038D8EECB1C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8B3B33CE-B8BC-41D7-AF1B-DFA60AD3B971}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{24CABB4B-93D0-4C44-A463-8900EBE5EDD1}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [UDP Query User{F4ED6E71-8A33-4359-9C8F-0C9B87ADEF6B}C:\program files\surfmusik 3.1\surfmusik.exe] => (Allow) C:\program files\surfmusik 3.1\surfmusik.exe
FirewallRules: [TCP Query User{088DAB27-BC1D-41D3-9D3A-E18FAE52F782}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe
FirewallRules: [UDP Query User{8CB6BE55-97C9-4934-9E9F-5F6BE7CFF2E6}C:\program files\pplive\pplive.exe] => (Allow) C:\program files\pplive\pplive.exe
FirewallRules: [{A5A3AB99-EDA7-4674-8366-748883443D34}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{780BE9A6-F38D-4B7C-BAF1-F4D0EFC8FCEA}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{5A9F5D9B-3B12-4786-A7B2-27F6D9DD29D2}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{308AD548-AA6C-4DF5-A90C-436B6E60FAF8}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [TCP Query User{3C6FB0BA-87CE-433E-87BF-027D1741C07B}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{1A18033D-874F-4D7D-825E-465E148B754E}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{E753399B-0EB6-4E25-BB97-438C1E372876}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{A2668EDD-3310-46A2-95F7-6C94838F2AB5}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{FB2AF1DE-3FE1-400D-B6B7-DC0E919545E7}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{51F0B638-3A0F-4808-B3A2-25793FC9B270}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{F3CFC278-8F5F-4890-A32F-2495364EACD6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{7A4696BC-0C66-4C61-A67F-B6129CF476AF}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{56D1FA41-4BCB-4B01-AF88-BCB4D4C809F1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{D65F81F8-CA42-4061-B0E5-625DD0F5BBED}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{9F4645F3-5E13-4006-845C-1A87FA149E83}] => (Allow) LPort=80
FirewallRules: [{BC32EABE-D1BE-43EA-923B-60A0B398D914}] => (Allow) LPort=80
FirewallRules: [{5CB28410-B94A-469D-974D-6F05D2FFC43B}] => (Allow) LPort=80
FirewallRules: [{9F4BACB4-31F5-4BDD-AB40-E061783A63F3}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{023467E8-0BE5-493D-951F-0A16E7051871}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{BEAC78F8-C134-4503-9252-B01C97131481}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{BFFEF07C-CCC5-428D-AD79-11D65B0705DF}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{BF833142-F10C-4382-8F9F-6468D3CB1EC9}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{209F9465-39F1-4052-B15A-2759127B2FF7}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C11AB735-3BE2-4B32-80F8-D1573EAD4BEE}C:\program files\jivexdvlight\jre\bin\javaw.exe] => (Allow) C:\program files\jivexdvlight\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8B6AB8B4-2DD2-4A23-812E-90075C822B0B}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [UDP Query User{E783ECEB-C97F-4E59-9224-4325520ACC87}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [TCP Query User{EE642530-844E-4700-AFD2-5F9CD6138942}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [UDP Query User{84443EAE-9CFF-4187-8ED0-28F3C4932916}C:\program files\lancom\advanced vpn client\ncpmon.exe] => (Allow) C:\program files\lancom\advanced vpn client\ncpmon.exe
FirewallRules: [{8DF8D55D-6B19-4635-925B-20BD592ED8AB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D497B358-AEA8-4F9D-A1F1-43E755633DC6}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe
FirewallRules: [{A35272B5-48D0-41DC-9894-B7FFC62AC937}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{1526B63F-04F3-4844-A008-2D5906E181C0}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{23BEB9F9-B2C2-42D5-88B2-ADF1AE7EA835}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C27D7843-EE0C-415F-A5C9-F74870BFC3AA}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{958DE50F-8FB0-4C3E-A1E1-98C027654282}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2389A4C2-7698-4DDE-AA40-E60D568740F1}] => (Allow) LPort=2869
FirewallRules: [{93E9F9FE-1463-4036-833F-B0CC95280471}] => (Allow) LPort=1900
FirewallRules: [{15279C77-74B9-4698-988B-DB0505D25755}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5106BB96-8F63-4A42-812A-DA53647C1540}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{DD9B30AD-D54A-4052-B884-831923B6B53D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7A81F545-EF43-4F8F-9509-CA2DAF1C51A2}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{BA80BEE1-CBFF-4AC8-88EA-DAFC800C6746}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25A500DF-23D8-4850-9BDD-196B3F63225F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F5F3C801-FC7B-4422-A690-1000E33BEC35}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe
FirewallRules: [UDP Query User{3B8D5BDD-2261-4379-A719-E659959D1625}C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe] => (Allow) C:\program files\wolterskluwer\gug\server\apache\bin\lexpro_uan_nv_1802.exe
FirewallRules: [{C598880B-323C-4582-A0D5-37BF730714F9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\uusee\UUSeePlayer.exe] => Enabled:UUPlayer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 10:32:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/22/2015 10:32:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/22/2015 10:32:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/22/2015 10:32:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/22/2015 10:22:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
  Gathering Writer Data

Context:
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {47f768ff-fcb4-48a2-9776-13cbe41012cf}

Error: (05/22/2015 10:20:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
  Gathering Writer Data

Context:
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {47f768ff-fcb4-48a2-9776-13cbe41012cf}

Error: (05/22/2015 10:16:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/22/2015 10:16:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (05/22/2015 10:15:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CreateVssExamineWriterMetadata.  hr = 0x80042311.


Operation:
  Writer Exposing its Metadata

Context:
  Execution Context: Requestor
  Writer Instance ID: {47F768FF-FCB4-48A2-9776-13CBE41012CF}
  Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
  Writer Name: System Writer

Error: (05/22/2015 10:15:44 AM) (Source: VSS) (EventID: 8228) (User: )
Description: Fail to parse XML file.

Reason A name contained an invalid character.


Line 0x00000174

Position 0x0000078a

Errorcode 0xc00ce505

Problem text <FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319" filespec="system.diagnostics.debug.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319" filespec="system.web.services.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319\wpf" filespec="presentationui.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\microsoft.net\framework\v4.0.30319\wpf" filespec="system.windows.input.manipulations.dll" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\drivers" filespec="mcd.sys" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="compcln.exe.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="extrac32.exe.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="hpojwia.dll.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="inetcpl.cpl.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="msdtcvsp1res.dll.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="winethc.dll.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\en-us" filespec="wpdshextautoplay.exe.mui" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32" filespec="migautoplay.exe" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32" filespec="system.drv" filespecBackupType="3855"/><FILE_LIST path="c:\windows\system32\wbem" filespec="system.mof" filespecBackupType="3855"/><FILE_LIST path="c:\program files\movie maker\shared\dvdstyles\specialoccasion" filespec="navigationup_selectionsubpicture.png" filespecBackupType="3855"/><FILE_LIST path="c:\windows\ehome\createdisc" filespec="sonicmceburnengineicon.png" filespecBackupType="3855"/><FILE_LIST path="c:\windows\inf" filespec="mdmgsm.inf" filespecBackupTyp</root>



Operation:
  Writer Exposing its Metadata

Context:
  Execution Context: Requestor
  Writer Instance ID: {47F768FF-FCB4-48A2-9776-13CBE41012CF}
  Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
  Writer Name: System Writer


System errors:
=============
Error: (05/22/2015 10:27:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device1600001Restart the service

Error: (05/22/2015 10:14:36 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80096004. The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira Echtzeit Scanner%%1053

Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Echtzeit Scanner

Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira Planer%%1053

Error: (05/22/2015 10:08:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Planer

Error: (05/22/2015 01:28:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000NcpSec

Error: (05/22/2015 00:40:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service

Error: (05/22/2015 00:39:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer23000001Restart the service


Microsoft Office:
=========================
Error: (01/05/2013 10:34:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28971 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (08/15/2012 06:18:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/02/2008 10:07:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/15/2007 08:42:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-22 11:10:05.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:05.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:04.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:03.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:03.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:02.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:01.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:10:01.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:09:12.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-22 11:09:11.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 66%
Total physical RAM: 2549.69 MB
Available physical RAM: 852.42 MB
Total Pagefile: 5320.19 MB
Available Pagefile: 3337.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.61 GB) (Free:28.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3DE4A73D)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=27)
Partition 2: (Active) - (Size=141.6 GB) - (Type=07 NTFS)

==================== End of log ============================

cosinus 22.05.2015 12:47
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL =
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


alexbk 22.05.2015 18:11
hier wie gewünscht ie fixlog.txt

Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Lexy at 2015-05-22 14:31:57 Run:2
Running from C:\Users\Lexy\Desktop
Loaded Profiles: Lexy (Available profiles: Lexy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {539F31C0-3B74-40B9-A47D-9655DDEBB7EC} URL =
SearchScopes: HKU\.DEFAULT -> {76D942BC-59C4-4034-B456-48CE494193B8} URL =
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3626444559-52657498-4274862289-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\ProgramData\ezsid.dat
C:\ProgramData\pswi_preloaded.exe
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{539F31C0-3B74-40B9-A47D-9655DDEBB7EC} => Key not found.
HKCR\CLSID\{539F31C0-3B74-40B9-A47D-9655DDEBB7EC} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76D942BC-59C4-4034-B456-48CE494193B8} => Key not found.
HKCR\CLSID\{76D942BC-59C4-4034-B456-48CE494193B8} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKU\S-1-5-21-3626444559-52657498-4274862289-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"C:\ProgramData\ezsid.dat" => File/Directory not found.
"C:\ProgramData\pswi_preloaded.exe" => File/Directory not found.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 16:29:06 ====

cosinus 22.05.2015 21:32
Okay, dann Kontrollscans mit ESET und SC bitte:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

alexbk 23.05.2015 20:34
Hallo Cosinus,

hier die gewünschten Logs... und vielen Dank für die Tipps und Ratschläge.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ddb4ffd6f730a547b5ffbe1493c91754
# engine=23951
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-21 12:43:44
# local_time=2015-05-21 02:43:44 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 96682 119349808 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 15139 55196218 0 0
# scanned=243990
# found=2
# cleaned=2
# scan_time=9792
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=510F9ECCDEF59D5A22F78C368FF1C0782778DCF2 ft=1 fh=9084951344c01481 vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Lexy\AppData\Local\Temp\60377607-a0fb-49b0-adba-9c435df33687\winamp563_full_emusic-7plus_de-de.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ddb4ffd6f730a547b5ffbe1493c91754
# engine=23978
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-22 09:59:39
# local_time=2015-05-22 11:59:39 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 134894 55315973 0 0
# scanned=70975
# found=0
# cleaned=0
# scan_time=4369
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ddb4ffd6f730a547b5ffbe1493c91754
# engine=23987
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-23 07:24:26
# local_time=2015-05-23 09:24:26 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 211980 55393059 0 0
# scanned=153609
# found=0
# cleaned=0
# scan_time=11860
Code:
Results of screen317's Security Check version 1.001 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016) 
 JavaFX 2.1.1   
 Java 8 Update 45 
 Adobe Flash Player        17.0.0.169 
 Adobe Reader 10.1.14 Adobe Reader out of Date! 
 Mozilla Firefox (38.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

cosinus 23.05.2015 20:40
Sieht gut aus....nur solltest du den Adobe Reader aktualisieren. Ich würde ja sagen, weg mit dem Ding. Das Teil ist Bloat. Lieber PDF-x-Change. Und um hier und da mal ne PDF anzuzeigen reicht der Firefox. Mehr dazu später.

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

alexbk 23.05.2015 20:59
Ghostery habe ich mir die Tage schon besorgt. Aber Danke nochmals für den Tip.
Bzgl. Adobe pdf werde ich mich gleich einmal darum kümmern.

Lieder stürtzt mein firefox trotzdem immer noch ständig ab. Hier einmal die aktuelle Absturzmeldung:

Code:
AdapterDeviceID: 0x2a02
AdapterDriverVersion: 7.14.10.1244
AdapterSubsysID: 00000000
AdapterVendorID: 0x8086
Add-ons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.142,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.1,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.6.9,firefox%40ghostery.com:5.4.5
AvailablePageFile: 3555729408
AvailablePhysicalMemory: 939393024
AvailableVirtualMemory: 1553313792
BIOS_Manufacturer: Phoenix Technologies LTD
BlockedDllList: rndlmainbrowserrecordplugin.dll;
BreakpadReserveAddress: 36765696
BreakpadReserveSize: 67108864
BuildID: 20150513174244
CrashTime: 1432410614
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1431898094
Notes: DriverVersionMismatch
AdapterVendorID: 0x8086, AdapterDeviceID: 0x2a02, AdapterSubsysID: 00000000, AdapterDriverVersion: 7.14.10.1244
D3D11-WARP? D3D11-WARP+ D3D11 Layers? D3D11 Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 3486
StartupTime: 1432409035
SystemMemoryUsePercentage: 64
Theme: classic/1.0
Throttleable: 1
TotalPageFile: 5576523776
TotalPhysicalMemory: 2673545216
TotalVirtualMemory: 2147352576
URL: hxxp://www.chip.de/?icp2=DLer
Vendor: Mozilla
Version: 38.0.1
Winsock_LSP: MSAFD Tcpip [TCP/IPv6] : 2 : 1 : 
 MSAFD Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD Tcpip [RAW/IPv6] : 2 : 3 : 
 MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
 MSAFD Tcpip [UDP/IP] : 2 : 2 : 
 MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
 RSVP TCPv6 Service Provider : 2 : 1 : 
 RSVP TCP Service Provider : 2 : 1 : %SystemRoot%\system32\mswsock.dll
 RSVP UDPv6 Service Provider : 2 : 2 : 
 RSVP UDP Service Provider : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD RfComm [Bluetooth] : 2 : 1 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{90A6A6AD-AE64-455C-AFC9-4C9D72B92A7D}] SEQPACKET 18 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{90A6A6AD-AE64-455C-AFC9-4C9D72B92A7D}] DATAGRAM 18 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B56EAEE0-77CE-4131-AEB8-131983966A68}] SEQPACKET 6 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B56EAEE0-77CE-4131-AEB8-131983966A68}] DATAGRAM 6 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0D85F191-7A12-4FEB-BEA3-128C9EBA0793}] SEQPACKET 8 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0D85F191-7A12-4FEB-BEA3-128C9EBA0793}] DATAGRAM 8 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E0A57E45-E85A-4488-8C0B-0BC1B7364430}] SEQPACKET 17 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E0A57E45-E85A-4488-8C0B-0BC1B7364430}] DATAGRAM 17 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9DC925EE-17C8-4C18-85B7-60C378526693}] SEQPACKET 14 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9DC925EE-17C8-4C18-85B7-60C378526693}] DATAGRAM 14 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5C5F5950-F976-45A8-9D86-97A85CBD9DFB}] SEQPACKET 15 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5C5F5950-F976-45A8-9D86-97A85CBD9DFB}] DATAGRAM 15 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B9719C19-4AB7-42D5-B668-F66B22BC7C26}] SEQPACKET 10 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B9719C19-4AB7-42D5-B668-F66B22BC7C26}] DATAGRAM 10 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2FDD8618-E419-4324-9845-AAA998F2FCAD}] SEQPACKET 11 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2FDD8618-E419-4324-9845-AAA998F2FCAD}] DATAGRAM 11 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{526788DF-EE70-432B-9FCD-AD8C90BB6FAA}] SEQPACKET 7 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{526788DF-EE70-432B-9FCD-AD8C90BB6FAA}] DATAGRAM 7 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E6389605-1D1B-420C-BD38-2C4BCF9FCA35}] SEQPACKET 3 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E6389605-1D1B-420C-BD38-2C4BCF9FCA35}] DATAGRAM 3 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A00CC1C0-F7F1-40C1-AEC6-13DE7BF8C499}] SEQPACKET 1 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A00CC1C0-F7F1-40C1-AEC6-13DE7BF8C499}] DATAGRAM 1 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F3190096-33E1-494F-8233-2FE9ECE13E18}] SEQPACKET 5 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F3190096-33E1-494F-8233-2FE9ECE13E18}] DATAGRAM 5 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C5F5950-F976-45A8-9D86-97A85CBD9DFB}] SEQPACKET 16 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C5F5950-F976-45A8-9D86-97A85CBD9DFB}] DATAGRAM 16 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9719C19-4AB7-42D5-B668-F66B22BC7C26}] SEQPACKET 13 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9719C19-4AB7-42D5-B668-F66B22BC7C26}] DATAGRAM 13 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FDD8618-E419-4324-9845-AAA998F2FCAD}] SEQPACKET 12 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FDD8618-E419-4324-9845-AAA998F2FCAD}] DATAGRAM 12 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{526788DF-EE70-432B-9FCD-AD8C90BB6FAA}] SEQPACKET 9 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{526788DF-EE70-432B-9FCD-AD8C90BB6FAA}] DATAGRAM 9 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{E6389605-1D1B-420C-BD38-2C4BCF9FCA35}] SEQPACKET 2 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{E6389605-1D1B-420C-BD38-2C4BCF9FCA35}] DATAGRAM 2 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{A00CC1C0-F7F1-40C1-AEC6-13DE7BF8C499}] SEQPACKET 0 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{A00CC1C0-F7F1-40C1-AEC6-13DE7BF8C499}] DATAGRAM 0 : 2 : 2 : 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3190096-33E1-494F-8233-2FE9ECE13E18}] SEQPACKET 4 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3190096-33E1-494F-8233-2FE9ECE13E18}] DATAGRAM 4 : 2 : 2 :
useragent_locale: de

Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes.
Kennst du dich damit ggf. auch mit aus und kannst mit diesbezüglich noch einen weiteren Rat geben? Für alles schon einmal ein dickes Merci...

cosinus 23.05.2015 21:13
Erstell dir mal ein neues Profil und teste:

Firefox => http://support.mozilla.com/de/kb/Profile%20verwalten
Chrome => https://support.google.com/chrome/answer/3296214?hl=de


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19