Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.10.2014, 08:22   #1
chic
 
Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Guten Tag.

Auf meinem Laptop (Lenovo t420i) verwendet explorer.exe nach dem start ~ 25.000 K, was dann beim standardmässigen Arbeiten (installierte Programme ANTIVIR, FIREFOX, THUNDERBIRD, LIBRE OFFICE, ACROBAT) langsam auf bis zu 380.000 K ansteigt. Irgendwann funktionieren dann Doppelklicks auf dem Desktop nicht mehr. Abhilfe: Prozess im Taskmanager löschen und explorer.exe neu starten, dann fängt das Ganze von vorne an.

ANTIVIR zeigt KEINE Funde.

Ich habe DEFOGGER, FIRST64 und GMER installiert und nach trojaner-board-Anweisung laufen lassen.

DEFOGGER bringt KEINE Fehlermeldung.

FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by admin (administrator) on ZI_PORTABLE on 06-10-2014 21:21:50
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(FileZilla Project) F:\Programme\FileZillaPortable\FileZilla FTP Client\filezilla.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\scalc.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\soffice.exe
(The Document Foundation) F:\Programme\LibreOfficePortable\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(FileZilla Project) F:\Programme\FileZillaPortable\FileZilla FTP Client\fzsftp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\admin\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {3a304c2d-d836-11e3-8d5f-402cf4fee0d8} - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {884b5e2a-da7b-11e3-84e8-402cf4fee0d8} - E:\AutoRun.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\MountPoints2: {bb8ee080-e7b8-11e3-9149-dcde8e4fc27e} - E:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL = 
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.19

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default
FF SearchEngineOrder.1: Ask Search
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\user.js
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed]
S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] ()
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom)
S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 21:21 - 2014-10-06 21:22 - 00027838 _____ () C:\Users\admin\Desktop\FRST.txt
2014-10-06 21:18 - 2014-10-06 21:21 - 00000000 ____D () C:\FRST
2014-10-06 21:16 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-10-06 21:14 - 2014-10-06 21:14 - 00000472 _____ () C:\Users\admin\Desktop\defogger_disable.log
2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-10-06 21:12 - 2014-10-06 21:13 - 00050477 _____ () C:\Users\admin\Desktop\Defogger.exe
2014-10-05 14:54 - 2014-10-05 14:54 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp
2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme
2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe
2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI
2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter
2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1}
2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe
2014-09-23 19:00 - 2014-09-23 19:00 - 11721744 _____ () C:\Users\admin\Downloads\FreeFileSync_6.9_Windows_Setup.exe
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp
2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport
2014-09-16 18:55 - 2014-10-04 09:49 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui
2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp
2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui
2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore
2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi
2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi
2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log
2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe
2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient
2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X
2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 21:22 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-06 21:20 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:20 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:17 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-06 21:14 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin
2014-10-06 20:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 20:37 - 2014-06-12 09:34 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-06 17:17 - 2011-04-16 09:19 - 01646166 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 15:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate
2014-10-06 09:58 - 2009-07-14 06:51 - 00171565 _____ () C:\Windows\setupact.log
2014-10-06 09:52 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk
2014-10-04 12:48 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2014-10-04 09:46 - 2014-09-05 18:51 - 500728971 _____ () C:\Windows\MEMORY.DMP
2014-10-04 09:46 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 09:46 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-04 09:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 17:47 - 2014-06-10 19:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\NCH Software
2014-10-01 17:12 - 2011-04-16 09:36 - 00189552 _____ () C:\Windows\PFRO.log
2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp
2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-29 10:10 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung
2014-09-27 14:34 - 2014-06-12 11:34 - 00000098 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2014-09-26 11:06 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 11:06 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 11:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk
2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client
2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui
2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype
2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX
2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup
2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA
2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\ffmpeg15.exe
C:\Users\cz\AppData\Local\Temp\avgnt.exe
C:\Users\nadmin\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:51

==================== End Of Log ============================
         
--- --- ---


ADDITION.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-06 21:22:57
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32nd America's Cup Patch1 (HKLM-x32\...\VskAC32_is1) (Version:  - Nadeo)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Boxcryptor Classic 1.6 (HKLM-x32\...\{8978A896-993E-451B-81FB-D11CAC402F91}) (Version: 1.6.400.65 - Secomba GmbH)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version:  - )
BUFFALO TeraStation(WS-VL Series) Setup Guide (HKLM-x32\...\UN110308) (Version:  - )
BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version:  - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version:  - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.808 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DPM Player (HKLM-x32\...\{BA495217-1475-47A8-AB83-B7DC2A59B49E}) (Version: 1.00.0000 - Philips Speech Processing)
DPMCtrl.dll 2009.3 (HKLM-x32\...\DMPCTRL_is1) (Version: 2009.3 - James M. Voelker)
Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DSS to Wave Converter 2011.1 (HKLM-x32\...\DSS2Wave_is1) (Version: 2011.1 - James M. Voelker)
ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 8.0 - ELO Digital Office GmbH)
ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HIN Client (HKLM-x32\...\6993-3411-2195-6139) (Version: 1.4.0 - Health Info Net AG)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{312A65D1-64B1-4E81-85C0-85BE743A6550}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) PRO/Wireless Driver (Version: 16.10.0000.1228 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.02.51 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Northspace VSK Courses 1.0 (HKLM-x32\...\{9F4281A5-75F2-43C4-839E-511A715F58CB}_is1) (Version:  - Northspace)
NVIDIA 3D Vision Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 276.58 - NVIDIA Corporation)
NVIDIA Control Panel 276.58 (Version: 276.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 276.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.82.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13564 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.3.12 (Version: 1.3.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7658 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.3.12 - NVIDIA Corporation) Hidden
Philips DPM Player Hot Fix (HKLM-x32\...\Philips DPM Player Hot Fix_is1) (Version:  - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
ShakeHands Kontor 2014 Release 11.2.1 (HKLM-x32\...\{868EDAD1-2C43-4E0B-972A-55BFAB0E56E0}}_is1) (Version:  - ShakeHands Software Ltd)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.38.0 - 2BrightSparks)
Taxpool-Buchhalter Mini 8.20 (HKLM-x32\...\Taxpool-Buchhalter Mini) (Version: 8.20 - psynetic® Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Audio Converter (HKCU\...\Digital Sites) (Version:  - Update for Audio Converter) <==== ATTENTION
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2727355821-1189829001-2483972847-1001_Classes\CLSID\{F5DF8D65-559D-4b75-8562-5302BD2F5F20}\InprocServer32 -> C:\Users\admin\AppData\Roaming\2XClient\TuxClientSystem.dll (2X Software Ltd.)

==================== Restore Points  =========================

22-09-2014 04:00:11 Windows-Sicherung
23-09-2014 04:00:10 Windows-Sicherung
24-09-2014 06:57:08 Windows Update
24-09-2014 06:57:26 Windows-Sicherung
25-09-2014 07:21:16 Windows-Sicherung
26-09-2014 08:56:39 Windows-Sicherung
01-10-2014 15:23:33 Windows-Sicherung
02-10-2014 01:00:12 Windows Update
06-10-2014 04:00:14 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {016EDBE6-7142-48BE-B625-2E27458372BA} - System32\Tasks\{C4C7140F-FA99-42CF-8CFA-8C91D3A43985} => C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
Task: {08A4438C-B0FF-4CA7-ACBB-1372E95ACD9B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {098BBB6E-C9BE-4B51-AE21-042880E6C468} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {162C5A7F-52FB-48B6-9145-A198BE6FEAF1} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {255FDC70-F297-4E67-AB0E-562B2D75519C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {45A6DF59-FFC9-4CD8-B3E1-8AC820456C01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {47E8C257-BC97-41D7-935E-C584358276B5} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {4E825668-3EC3-4118-B503-EECBDB5421CF} - System32\Tasks\Driver Whiz-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {5AF432A6-7863-498A-A247-889BE6D7D92E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {622D35A6-C21E-4D89-BF66-7C71B3BC42D1} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {65E72476-F31C-436E-95D0-A67DFDD66AB6} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6675D8CF-9B28-4CEB-ABA3-4BDCD777285E} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {80B53E5E-7FFE-44D6-9979-E42E591BF8AF} - System32\Tasks\Driver Whiz-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {96E0118B-8B97-403B-95D2-F2E05DCF5A84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E381594-8B29-4EAF-B0F6-54F91AFA725B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {A20B1E84-E43E-48D3-8B49-CC39983003D7} - System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {A2343AFA-0720-4AD1-9F70-EE2620821137} - System32\Tasks\Driver Whiz-RTMScanRunOnce => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B2089EDE-154D-41FF-B014-8AD072A51D18} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {B27C9916-1D0D-43E6-9719-FDF1C4DFFA11} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B41FE74A-40FF-4F59-A7CA-A8246B9BA408} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {C4886425-9EC2-40D9-94D7-8299C6AFD210} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2010-12-11] (Lenovo Limited Group Corporation)
Task: {C644179C-EF57-4C69-B214-B24967A287A8} - System32\Tasks\Driver Whiz-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {C948B737-2ABE-433D-B0FF-B55CA0141858} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {CAC2D343-46CA-41B7-A4DE-D596DFDA6BEE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-10] ()
Task: {CC24DBE3-F751-462A-B1F4-0B24A5FD4AF3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {CE9301A4-8DA2-4FC1-B1E5-1F2227BC968D} - System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {DD020A19-F1CF-40A6-8A52-71FBC30B2CDD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {E07505AC-1D38-4B60-A771-0419931A1158} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {EBA0FC2C-7CDB-4CBA-B5B4-67FD4437D7A1} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {F25DF6A3-E502-4DEA-B35B-6A8B9A8516F1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {F4082DC2-0577-4574-B104-567B6C5BEB98} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {F417C958-E224-46CE-869F-6681179C0ECA} - System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {F802ACC2-3676-4D5F-9574-EE6557A78A5C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {FB5F56B2-7B62-4C68-AD89-2BC74C07F52D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {FD30C93A-C399-4C61-A929-8FACA6ACE19F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-04-16 09:37 - 2014-03-07 06:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2013-09-19 10:00 - 2013-09-19 10:00 - 00684416 ____N () C:\Program Files (x86)\Driver Whiz\Driver Whiz\ThemePack.DriverWhiz.dll
2013-09-19 09:31 - 2013-09-19 09:31 - 00412064 ____N () C:\Program Files (x86)\Driver Whiz\Driver Whiz\Agent.Communication.XmlSerializers.dll
2026-04-19 14:06 - 2014-05-01 21:29 - 00098304 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\fzshellext_64.dll
2012-07-17 14:22 - 2011-01-26 21:31 - 00615016 ____N () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2014-10-06 21:12 - 2014-10-06 21:13 - 00050477 _____ () C:\Users\admin\Desktop\Defogger.exe
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-04-16 09:33 - 2011-05-27 02:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 ____N () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 ____N () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2026-04-19 16:51 - 2014-05-24 18:41 - 00091648 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2026-04-19 16:51 - 2014-05-24 18:41 - 00892416 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\libstdc++-6.dll
2026-04-20 04:17 - 2014-08-27 23:02 - 01042232 _____ () F:\Programme\LibreOfficePortable\program\libxml2.dll
2026-04-20 04:17 - 2014-08-27 23:02 - 00183096 _____ () F:\Programme\LibreOfficePortable\program\libxslt.dll
2026-04-20 04:17 - 2014-08-27 23:03 - 00080696 _____ () F:\Programme\LibreOfficePortable\program\python3.dll
2026-04-20 04:16 - 2014-08-27 20:17 - 00049152 _____ () F:\Programme\LibreOfficePortable\program\python-core-3.3.3\lib\_socket.pyd
2014-09-25 11:33 - 2014-09-25 11:33 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-03-04 22:16 - 2012-03-04 22:16 - 00249664 ____N () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-09-10 13:56 - 2014-09-10 13:56 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

admin (S-1-5-21-2727355821-1189829001-2483972847-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2727355821-1189829001-2483972847-500 - Administrator - Disabled)
Gast (S-1-5-21-2727355821-1189829001-2483972847-501 - Limited - Disabled)
nadmin (S-1-5-21-2727355821-1189829001-2483972847-1003 - Administrator - Enabled)
UpdatusUser (S-1-5-21-2727355821-1189829001-2483972847-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (10/04/2014 02:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: lpu_lib.dll, Version: 1.4.0.1, Zeitstempel: 0x51f0e093
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000001f67e
ID des fehlerhaften Prozesses: 0x1b08
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (10/03/2014 03:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x474
Startzeit der fehlerhaften Anwendung: 0xavfwsvc.exe0
Pfad der fehlerhaften Anwendung: avfwsvc.exe1
Pfad des fehlerhaften Moduls: avfwsvc.exe2
Berichtskennung: avfwsvc.exe3

Error: (10/03/2014 08:27:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (10/02/2014 09:51:58 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (10/01/2014 05:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Name des fehlerhaften Moduls: avfwsvc.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec7f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ce14
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xavfwsvc.exe0
Pfad der fehlerhaften Anwendung: avfwsvc.exe1
Pfad des fehlerhaften Moduls: avfwsvc.exe2
Berichtskennung: avfwsvc.exe3

Error: (09/29/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/28/2014 00:51:29 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/27/2014 02:33:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "\\Zentrale\data\backups\backup_zi_portable\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/26/2014 07:33:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (10/04/2014 09:46:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎10.‎2014 um 17:40:04 unerwartet heruntergefahren.

Error: (10/03/2014 05:41:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.

Error: (10/03/2014 05:41:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.

Error: (10/03/2014 03:47:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.

Error: (10/03/2014 03:46:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht.

Error: (10/03/2014 03:45:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira FireWall" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/01/2014 05:13:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira FireWall" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2014 02:22:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (09/26/2014 10:32:24 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (09/26/2014 10:16:58 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.


Microsoft Office Sessions:
=========================
Error: (10/05/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (10/04/2014 02:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4lpu_lib.dll1.4.0.151f0e09340000015000000000001f67e1b0801cfdfc57fced127C:\Windows\explorer.exeC:\Program Files\Common Files\Lenovo\lpu\lpu_lib.dllf996e42a-4bc4-11e4-811f-d158c8705188

Error: (10/03/2014 03:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avfwsvc.exe14.0.6.52253bec7f9ntdll.dll6.1.7601.18247521ea8e7c0000005000222d247401cfdf1045439099C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exeC:\Windows\SysWOW64\ntdll.dll956b4942-4b03-11e4-b13c-c5168adeea84

Error: (10/03/2014 08:27:55 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (10/02/2014 09:51:58 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (10/01/2014 05:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avfwsvc.exe14.0.6.52253bec7f9avfwsvc.exe14.0.6.52253bec7f9c00000050000ce1475801cfdd8a3674ffc4C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe87228278-497d-11e4-b8ca-fd0ae5dde382

Error: (09/29/2014 06:00:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/28/2014 00:51:29 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/27/2014 02:33:42 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\Zentrale\data\backups\backup_zi_portable\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/26/2014 07:33:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: \\Zentrale\data\downloads\FileZilla_3.8.0_win32-setup.exe\\Zentrale\data\downloads\FileZilla_3.8.0_win32-setup.exe0


CodeIntegrity Errors:
===================================
  Date: 2014-09-26 15:47:14.696
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-05 18:21:39.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-20 19:14:17.895
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 19:56:56.218
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-04 14:20:29.577
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 19:08:09.864
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 18:54:27.128
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 18:25:25.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 17:17:47.606
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 20:53:48.089
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3979.23 MB
Available physical RAM: 1780.66 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5331.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:281.29 GB) (Free:202.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GA EINS) (Removable) (Total:29.5 GB) (Free:15.25 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.63 GB) (Free:2.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80047904)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

GMER.log

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-06 23:34:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.GHBZ 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\fflyauog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                              fffff800035f7000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582                                                                                                                              fffff800035f7036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                 fffff96000174200 7 bytes [40, A3, F3, FF, 01, B5, F0]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                             fffff96000174208 3 bytes [C0, 06, 02]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4fee0d8                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4fee0d8@544408ccf045                                                                                                        0x45 0x33 0xED 0x18 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9f723f2                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9fdaaf5                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                                                         ???U???????U#???? ???????U?????U???????,????????4?7?D???????????????????????????????????????????????srvnet?47F??????????????AP??????????????`????????????-????N??i????????D??1???1??????????? ???????U?????????????,??????????????#?????? &??????????????????????????????????????????????d???c?d?U??Microsoft???? ???????U?????U???????,????????4?8?D???????????????????????????????????????storflt??4???????????????????????????????d??os??t???? ???????U?????????????,??????????????#?????tcpipreg?0??????0???????????????????ta???????????`?`?Z????h??????W?gcf???????U???????????z?{???????U#???? ???????T ????????????,??????????V?&???????????????????????\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#12083000000278&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}???????????????????????????18?????????0???????????????????????????? ?????????????????????????????????????????????????????????? ??????????????????? ???????s?????oem??? *??b?????????l????USB?CD??????????????????????? 6??_???s?????D?????????????:?
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4fee0d8 (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4fee0d8@544408ccf045                                                                                                            0x45 0x33 0xED 0x18 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9f723f2 (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9fdaaf5 (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                                                                             ???n??????????????????????????????????`??v?????????e????Mausklassentreiber??????????????????????????.NTAMD64?????????????????????????????&??DiskDrive???Microsoft?????<??n????????????????B??r?????????e??????`???????????????&??n?????????e????1.9??>???????????????n?????t????????????????1-?????????????????????????????k???k??????8???????????h?????????te??system32\DRIVERS\HECIx64.sys???????????????g?????????????n??@%systemroot%\system32\drivers\luafv.sys,-101?????:??n???4????h???????N??????C????D1CB??NWIM?????????????????????i?????????e?????n???v????N?????????????????COM11???1???Extended base???system32\DRIVERS\mouclass.sys?ouclass.sys?????b??n?????????e????System Bus Extender?????????????????t???????????????t????????????????????n??????????????????9A??? ???????n???????? ????,?????? ????????S?'???????????????????????????n????????h??????????????4??4???????????????????????????????????t?????????????????????????????????????????P??n????????h??????n???n???????????????????????s??ep???o??????<??????????????n?????????????e?
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\admin\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----
         
Danke für die Mühe, mir auf die Sprünge zu helfen.

Alt 07.10.2014, 08:26   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Update for Audio Converter

    VO Package


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 07.10.2014, 11:32   #3
chic
 
Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Hi Schrauber.

Hier die Combofix.txt

Code:
ATTFilter
ComboFix 14-10-04.01 - admin 07.10.2014   9:59.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3979.1706 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Local
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\users\admin\AppData\Roaming\2XBasicClientLog.txt
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\windows\SysWow64\SET8F6C.tmp
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-07 bis 2014-10-07  ))))))))))))))))))))))))))))))
.
.
2014-10-07 08:08 . 2014-10-07 08:08	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-10-07 08:08 . 2014-10-07 08:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-07 07:42 . 2014-10-07 07:42	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-10-06 19:18 . 2014-10-06 19:23	--------	d-----w-	C:\FRST
2014-10-01 15:19 . 2014-09-25 02:08	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-10-01 15:19 . 2014-09-25 01:40	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-26 17:35 . 2014-09-26 17:35	--------	d-----w-	c:\users\admin\AppData\Local\ProSaldo
2014-09-26 17:34 . 2014-09-26 17:34	--------	d-----w-	C:\Programme
2014-09-23 23:14 . 2014-09-09 22:11	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-23 23:14 . 2014-09-09 21:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-23 16:59 . 2014-09-23 16:59	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-09-23 16:59 . 2014-09-23 16:59	--------	d-----r-	c:\program files (x86)\Skype
2014-09-17 13:07 . 2014-09-17 13:07	--------	d-----w-	c:\users\admin\.jfreereport
2014-09-11 07:44 . 2014-08-18 23:01	23591424	----a-w-	c:\windows\system32\mshtml.dll
2014-09-11 07:42 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-11 07:42 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 07:17 . 2014-08-01 11:53	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-11 07:17 . 2014-08-01 11:35	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 07:13 . 2014-06-24 03:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-11 07:13 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-09-11 07:12 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-11 07:12 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-11 07:12 . 2014-07-07 01:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-09-11 07:12 . 2014-07-07 01:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-09-11 07:12 . 2014-07-07 01:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-09-09 19:17 . 2014-09-13 16:21	--------	d-----w-	c:\users\admin\AppData\Roaming\2XClient
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 06:21 . 2012-07-17 12:00	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-09-10 11:56 . 2013-08-23 18:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 11:56 . 2013-08-23 18:36	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 19:21 . 2010-06-24 18:33	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 12:56	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 12:56	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 12:56	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 08:24 . 2014-05-05 12:22	40760	----a-w-	c:\windows\system32\TURegOpt.exe
2014-07-16 08:24 . 2014-06-25 05:50	43320	----a-w-	c:\windows\system32\uxtuneup.dll
2014-07-16 08:24 . 2014-05-05 12:22	29496	----a-w-	c:\windows\system32\authuitu.dll
2014-07-16 08:24 . 2014-05-05 12:22	25400	----a-w-	c:\windows\SysWow64\authuitu.dll
2014-07-16 08:24 . 2014-06-25 05:50	36152	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2014-07-14 02:02 . 2014-08-14 08:14	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 08:14	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}"
[HKEY_CLASSES_ROOT\CLSID\{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}]
2013-07-03 10:21	156520	------w-	c:\windows\SysWOW64\cbfsMntNtf4.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe" [2014-09-12 759712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-03-07 6633304]
"X-Rite Legacy Device"="c:\program files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe" [2010-09-28 105984]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-30 751184]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"HIN Client"="c:\program files (x86)\HIN Client\hinclient.exe" [2013-11-28 243432]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2014-03-14 432472]
.
c:\users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8100\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2ADBVJCW05MX;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe /startup [2013-3-29 1945700]
FRITZ!Fernzugang.lnk - c:\program files\FRITZ!Fernzugang\FRITZVPN.exe [2013-6-17 2700640]
NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2009-5-15 206128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-5-14 1395416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1894063F-D990-48F1-9E09-1B7337AF5955}"= "c:\windows\SysWOW64\cbfsMntNtf4.dll" [2013-07-03 156520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs4"= {1894063F-D990-48F1-9E09-1B7337AF5955} - c:\windows\SysWOW64\cbfsMntNtf4.dll [2013-07-03 156520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-484763869-1060284298-1114\Scripts\Logoff\0\0]
"Script"=ende.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-484763869-1060284298-1114\Scripts\Logon\0\0]
"Script"=start.bat
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;c:\windows\system32\drivers\bftpusbx64.sys;c:\windows\SYSNATIVE\drivers\bftpusbx64.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys;c:\windows\SYSNATIVE\DRIVERS\swumx80.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys;c:\windows\SYSNATIVE\DRIVERS\wtsmpadap.sys [x]
R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys;c:\windows\SYSNATIVE\DRIVERS\wtsmpflt.sys [x]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
R4 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [x]
R4 tpcexdccs;TurboPC EX DiskCache Control Service;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;c:\windows\system32\drivers\bftpdskc64.sys;c:\windows\SYSNATIVE\drivers\bftpdskc64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys;c:\windows\SYSNATIVE\drivers\cbfs4.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe;c:\program files\FRITZ!Fernzugang\avmike.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe;c:\program files\FRITZ!Fernzugang\certsrv.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TC2Service;TurboPC EX FileCopy Service;c:\windows\system32\TC2Service.exe;c:\windows\SYSNATIVE\TC2Service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 xritedeviced;X-Rite Device Manager;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys;c:\windows\SYSNATIVE\DRIVERS\avmnwim.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 vpnpbus;EldoS PnP Virtual Bus driver;c:\windows\system32\DRIVERS\vpnpbus.sys;c:\windows\SYSNATIVE\DRIVERS\vpnpbus.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 11:57]
.
2014-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-09 22:52]
.
2014-10-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-09 22:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}"
[HKEY_CLASSES_ROOT\CLSID\{E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388}]
2013-07-03 10:22	182632	------w-	c:\windows\System32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2014-02-17 384344]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"tpcexTray"="c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe" [2013-09-25 77368]
"TC2Tray"="c:\windows\system32\TC2Tray.exe" [2012-07-18 629656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-30 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-30 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-30 442352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1894063F-D990-48F1-9E09-1B7337AF5955}"= "c:\windows\system32\cbfsMntNtf4.dll" [2013-07-03 182632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.19
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5016
FF - prefs.js: network.proxy.type - 1
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
SSODL-EldosMountNotificator-cbfs4    REG_SZ    {1894063F-D990-48F1-9E09-1B7337AF5955}- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-07  10:14:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-10-07 08:14
.
Vor Suchlauf: 14 Verzeichnis(se), 215.641.706.496 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 215.191.527.424 Bytes frei
.
- - End Of File - - 70F2B9F7B6FDDF2FEF7193135B503BE9
         
ERGÄNZUNG zur COMBOFIX.tx

Habe den Rechner "alleine" gelassen für ca. 30 Minuten, in der Zeit hat ein Absturz stattgefunden. Die in der Windoiws-Meldung erwähnten Dateien minidump (dmp) und WER-xxx.sysdata.xml lassen sich nicht öffnen (Zugriff verweigert). Soll ich versuchen, diese Dateien zu posten?

Danke.

chic (o
__________________

Alt 08.10.2014, 11:12   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.10.2014, 16:38   #5
chic
 
Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Moinmoin oder Servus.
Sorry, habe ein bisschen länger gebraucht.
Sehr gerne:

mbam:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 08.10.2014
Scan Time: 13:17:09
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.08.03
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460489
Time Elapsed: 14 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [0d3679998bf155e1e480587c06fced13], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [ab988e849edefd3981285f38be44b34d], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [043f7a98bebe989ea0f273aeda292fd1], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [e0638c86fb811d19de34c680cd362dd3], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [2c17a072fc8033030c856ab730d327d9], 

Registry Values: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2727355821-1189829001-2483972847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [e0638c86fb811d19de34c680cd362dd3]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SystemSpeedup, C:\Users\admin\AppData\Roaming\Systweak\ssd, Quarantined, [083bab67d1abbd79f40f15e879891ae6], 
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [85bed24073094fe78767dc2534cf738d], 

Files: 4
PUP.Optional.Outbrowse, C:\Users\admin\Downloads\Java.exe, Quarantined, [c47f6ca669131d1936361b73e61e01ff], 
PUP.Optional.OpenCandy, C:\Users\admin\Downloads\FreeFileSync_6.4_Windows_Setup.exe, Quarantined, [a3a0a66c0f6dba7ca7c7ba82c83d867a], 
PUP.Optional.OpenCandy, C:\Users\admin\Downloads\FreeFileSync_6.9_Windows_Setup.exe, Quarantined, [a79c759da8d4e353016dc478f510df21], 
PUP.Optional.SystemSpeedup, C:\Users\admin\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [083bab67d1abbd79f40f15e879891ae6], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdWCleaner
Code:
ATTFilter
# AdwCleaner v3.311 - Bericht erstellt am 08/10/2014 um 14:15:48
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : admin - ZI_PORTABLE
# Gestartet von : C:\Users\admin\Desktop\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\admin\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\admin\Documents\Mobogenie
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\admin\daemonprocess.txt
Datei Gelöscht : C:\Users\nadmin\AppData\Roaming\Mozilla\Firefox\Profiles\tij56hem.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\prefs.js ]


[ Datei : C:\Users\nadmin\AppData\Roaming\Mozilla\Firefox\Profiles\tij56hem.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2478 octets] - [08/10/2014 13:56:13]
AdwCleaner[S0].txt - [2288 octets] - [08/10/2014 14:15:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2348 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Professional x64
Ran by admin on 08.10.2014 at 14:21:58,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\admin\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{11D9AFC5-7E63-44F1-9D78-42846E04366C}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{1D9BD776-A830-45FF-9B4D-4C888FD93D0C}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3DA70979-8D38-4550-AFA4-3C8CCE611F09}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3E4173E6-87FB-4EDB-9068-B97C350B32FD}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{5BF11B54-8D03-48F6-AA46-A1E426F1F99E}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{9918A404-E2EB-499F-B70B-B8B9DC8E9F5C}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{A1D754FD-AACC-4356-8E62-0B50477C7288}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{F40EA0CD-A94B-4543-96FB-8EBC30EB6663}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{F412292C-54A2-4A16-ACB9-DB71960FC02E}



~~~ FireFox

Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\oqj5821y.default\prefs.js

user_pref("browser.search.useDBForOrder", true);
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\oqj5821y.default\minidumps [102 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2014 at 14:25:58,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und 'ne frische FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by admin (administrator) on ZI_PORTABLE on 08-10-2014 14:36:24
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(BUFFALO INC.) C:\Windows\System32\TC2Tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.19

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default
FF SearchEngineOrder.1: Ask Search
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed]
S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] ()
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom)
S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 14:36 - 2014-10-08 14:36 - 00027250 _____ () C:\Users\admin\Desktop\FRST.txt
2014-10-08 14:25 - 2014-10-08 14:25 - 00002029 _____ () C:\Users\admin\Desktop\JRT.txt
2014-10-08 14:21 - 2014-10-08 14:21 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 14:20 - 2014-10-08 14:20 - 00002432 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-10-08 14:14 - 2014-10-08 14:14 - 01705141 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-10-08 14:12 - 2014-10-08 14:12 - 00002478 _____ () C:\Users\admin\Desktop\AdwCleaner[R0].txt
2014-10-08 14:03 - 2014-10-08 14:03 - 00000629 _____ () C:\Users\admin\Desktop\TRANSFERS.lnk
2014-10-08 13:56 - 2014-10-08 14:20 - 00000000 ____D () C:\AdwCleaner
2014-10-08 13:52 - 2014-10-08 13:52 - 01375089 _____ () C:\Users\admin\Desktop\AdwCleaner_3.311.exe
2014-10-08 13:51 - 2014-10-08 13:51 - 00002846 _____ () C:\mbam.txt
2014-10-08 13:16 - 2014-10-08 14:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 13:16 - 2014-10-08 13:16 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-08 13:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-08 13:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-08 13:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-08 13:11 - 2014-10-08 13:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-07 12:18 - 2014-10-07 12:18 - 01957888 _____ () C:\Windows\Minidump\100714-15303-01.dmp
2014-10-07 10:27 - 2014-10-07 10:27 - 00000101 ____H () C:\.~lock.ComboFix.txt#
2014-10-07 10:14 - 2014-10-07 10:14 - 00032617 _____ () C:\ComboFix.txt
2014-10-07 09:57 - 2014-10-07 10:14 - 00000000 ____D () C:\Qoobox
2014-10-07 09:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-07 09:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-07 09:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-07 09:56 - 2014-10-07 10:13 - 00000000 ____D () C:\Windows\erdnt
2014-10-07 09:55 - 2014-10-07 09:55 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix(1).exe
2014-10-07 09:42 - 2014-10-07 09:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-07 08:47 - 2014-10-07 08:47 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-06 23:48 - 2014-10-06 23:48 - 00462288 _____ () C:\Windows\Minidump\100614-14710-01.dmp
2014-10-06 21:18 - 2014-10-08 14:36 - 00000000 ____D () C:\FRST
2014-10-06 21:16 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp
2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme
2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe
2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI
2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter
2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1}
2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp
2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport
2014-09-16 18:55 - 2014-10-08 14:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui
2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp
2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui
2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore
2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi
2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi
2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log
2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe
2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient
2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X
2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 14:37 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-08 14:34 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-08 14:29 - 2009-07-14 06:51 - 00173392 _____ () C:\Windows\setupact.log
2014-10-08 14:24 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 14:24 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 14:21 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-10-08 14:21 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-10-08 14:21 - 2011-04-16 09:19 - 01715827 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 14:21 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 14:20 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-08 14:17 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-08 14:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 14:16 - 2011-04-16 09:36 - 00192580 _____ () C:\Windows\PFRO.log
2014-10-08 14:15 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin
2014-10-08 14:05 - 2013-08-19 13:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Lenovo
2014-10-08 13:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 13:38 - 2009-07-24 19:29 - 00000000 ____D () C:\Windows\Panther
2014-10-08 13:37 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2014-10-08 13:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-08 13:12 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung
2014-10-07 12:34 - 2013-09-11 16:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-07 12:34 - 2013-09-11 16:25 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-07 12:34 - 2013-09-11 16:25 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-07 12:18 - 2014-09-05 18:51 - 535049227 _____ () C:\Windows\MEMORY.DMP
2014-10-07 12:18 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-07 10:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 10:08 - 2009-07-14 04:34 - 69992448 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 24379392 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-07 08:47 - 2014-07-15 18:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\LSC
2014-10-07 08:47 - 2012-07-17 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-07 08:47 - 2011-04-16 09:23 - 00000000 ____D () C:\Program Files\Lenovo
2014-10-07 08:46 - 2011-04-16 09:42 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-10-06 22:54 - 2014-06-12 11:34 - 00000085 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate
2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk
2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp
2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk
2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client
2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui
2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype
2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX
2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup
2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA
2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:51

==================== End Of Log ============================
         
--- --- ---


Brauchst Du die ADDITION auch? Sicherheitshalber:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-08 14:37:20
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32nd America's Cup Patch1 (HKLM-x32\...\VskAC32_is1) (Version:  - Nadeo)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Boxcryptor Classic 1.6 (HKLM-x32\...\{8978A896-993E-451B-81FB-D11CAC402F91}) (Version: 1.6.400.65 - Secomba GmbH)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version:  - )
BUFFALO TeraStation(WS-VL Series) Setup Guide (HKLM-x32\...\UN110308) (Version:  - )
BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version:  - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version:  - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.808 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DPM Player (HKLM-x32\...\{BA495217-1475-47A8-AB83-B7DC2A59B49E}) (Version: 1.00.0000 - Philips Speech Processing)
DPMCtrl.dll 2009.3 (HKLM-x32\...\DMPCTRL_is1) (Version: 2009.3 - James M. Voelker)
Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DSS to Wave Converter 2011.1 (HKLM-x32\...\DSS2Wave_is1) (Version: 2011.1 - James M. Voelker)
ELO Pdf Drucker (HKLM-x32\...\{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}) (Version: 8.0 - ELO Digital Office GmbH)
ELOoffice (HKLM-x32\...\{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}) (Version: 9.0 - ELO Digital Office GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HIN Client (HKLM-x32\...\6993-3411-2195-6139) (Version: 1.4.0 - Health Info Net AG)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{312A65D1-64B1-4E81-85C0-85BE743A6550}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) PRO/Wireless Driver (Version: 16.10.0000.1228 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Java 7 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.02.51 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Northspace VSK Courses 1.0 (HKLM-x32\...\{9F4281A5-75F2-43C4-839E-511A715F58CB}_is1) (Version:  - Northspace)
NVIDIA 3D Vision Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 276.58 - NVIDIA Corporation)
NVIDIA Control Panel 276.58 (Version: 276.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 276.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 276.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.82.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13564 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.3.12 (Version: 1.3.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7658 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.3.12 - NVIDIA Corporation) Hidden
Philips DPM Player Hot Fix (HKLM-x32\...\Philips DPM Player Hot Fix_is1) (Version:  - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
ShakeHands Kontor 2014 Release 11.2.1 (HKLM-x32\...\{868EDAD1-2C43-4E0B-972A-55BFAB0E56E0}}_is1) (Version:  - ShakeHands Software Ltd)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.38.0 - 2BrightSparks)
Taxpool-Buchhalter Mini 8.20 (HKLM-x32\...\Taxpool-Buchhalter Mini) (Version: 8.20 - psynetic® Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2727355821-1189829001-2483972847-1001_Classes\CLSID\{F5DF8D65-559D-4b75-8562-5302BD2F5F20}\InprocServer32 -> C:\Users\admin\AppData\Roaming\2XClient\TuxClientSystem.dll (2X Software Ltd.)

==================== Restore Points  =========================

22-09-2014 04:00:11 Windows-Sicherung
23-09-2014 04:00:10 Windows-Sicherung
24-09-2014 06:57:08 Windows Update
24-09-2014 06:57:26 Windows-Sicherung
25-09-2014 07:21:16 Windows-Sicherung
26-09-2014 08:56:39 Windows-Sicherung
01-10-2014 15:23:33 Windows-Sicherung
02-10-2014 01:00:12 Windows Update
06-10-2014 04:00:14 Windows-Sicherung
07-10-2014 06:35:15 Windows-Sicherung
07-10-2014 06:47:00 Installed Lenovo Solution Center.
07-10-2014 07:44:01 Revo Uninstaller's restore point - Update for Audio Converter
07-10-2014 07:48:53 Revo Uninstaller's restore point - VO Package
08-10-2014 07:29:02 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-07 10:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {016EDBE6-7142-48BE-B625-2E27458372BA} - System32\Tasks\{C4C7140F-FA99-42CF-8CFA-8C91D3A43985} => C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
Task: {08A4438C-B0FF-4CA7-ACBB-1372E95ACD9B} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {098BBB6E-C9BE-4B51-AE21-042880E6C468} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {10AC1274-37B4-44BB-912B-986A84F9EB5C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {162C5A7F-52FB-48B6-9145-A198BE6FEAF1} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-09-03] ()
Task: {255FDC70-F297-4E67-AB0E-562B2D75519C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {45A6DF59-FFC9-4CD8-B3E1-8AC820456C01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {47E8C257-BC97-41D7-935E-C584358276B5} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {4AC1D23B-0EF2-406D-859E-587CDD1DDDDA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {4E825668-3EC3-4118-B503-EECBDB5421CF} - System32\Tasks\Driver Whiz-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {622D35A6-C21E-4D89-BF66-7C71B3BC42D1} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {65E72476-F31C-436E-95D0-A67DFDD66AB6} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6675D8CF-9B28-4CEB-ABA3-4BDCD777285E} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {6CEA1429-76EF-4EAC-A298-B89E16E4C644} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {80B53E5E-7FFE-44D6-9979-E42E591BF8AF} - System32\Tasks\Driver Whiz-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {96E0118B-8B97-403B-95D2-F2E05DCF5A84} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E381594-8B29-4EAF-B0F6-54F91AFA725B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {A20B1E84-E43E-48D3-8B49-CC39983003D7} - System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {A2343AFA-0720-4AD1-9F70-EE2620821137} - System32\Tasks\Driver Whiz-RTMScanRunOnce => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B2089EDE-154D-41FF-B014-8AD072A51D18} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {B27C9916-1D0D-43E6-9719-FDF1C4DFFA11} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B41FE74A-40FF-4F59-A7CA-A8246B9BA408} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {C4886425-9EC2-40D9-94D7-8299C6AFD210} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2010-12-11] (Lenovo Limited Group Corporation)
Task: {C644179C-EF57-4C69-B214-B24967A287A8} - System32\Tasks\Driver Whiz-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {CAC2D343-46CA-41B7-A4DE-D596DFDA6BEE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-10] ()
Task: {CC24DBE3-F751-462A-B1F4-0B24A5FD4AF3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {CE9301A4-8DA2-4FC1-B1E5-1F2227BC968D} - System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {DD020A19-F1CF-40A6-8A52-71FBC30B2CDD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {EBA0FC2C-7CDB-4CBA-B5B4-67FD4437D7A1} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {F25DF6A3-E502-4DEA-B35B-6A8B9A8516F1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {F4082DC2-0577-4574-B104-567B6C5BEB98} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {F417C958-E224-46CE-869F-6681179C0ECA} - System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {F802ACC2-3676-4D5F-9574-EE6557A78A5C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-10] (PC-Doctor, Inc.)
Task: {FB5F56B2-7B62-4C68-AD89-2BC74C07F52D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {FD30C93A-C399-4C61-A929-8FACA6ACE19F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2011-04-16 09:32 - 2010-10-26 10:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-04-16 09:34 - 2011-03-06 13:07 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-04-16 09:37 - 2014-03-07 06:04 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2026-04-19 14:06 - 2014-05-01 21:29 - 00098304 _____ () F:\Programme\FileZillaPortable\FileZilla FTP Client\fzshellext_64.dll
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-04-16 09:33 - 2011-05-27 02:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2011-04-16 09:39 - 2010-04-06 18:05 - 02085888 ____N () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-04-16 09:39 - 2010-04-06 18:04 - 02201088 ____N () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 ____N () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 ____N () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-09-25 11:33 - 2014-09-25 11:33 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-03-04 22:16 - 2012-03-04 22:16 - 00249664 ____N () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-09-10 13:56 - 2014-09-10 13:56 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

admin (S-1-5-21-2727355821-1189829001-2483972847-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2727355821-1189829001-2483972847-500 - Administrator - Disabled)
Gast (S-1-5-21-2727355821-1189829001-2483972847-501 - Limited - Disabled)
nadmin (S-1-5-21-2727355821-1189829001-2483972847-1003 - Administrator - Enabled)
UpdatusUser (S-1-5-21-2727355821-1189829001-2483972847-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-07 10:07:32.836
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-07 10:07:32.756
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-26 15:47:14.696
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-05 18:21:39.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-20 19:14:17.895
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 19:56:56.218
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-04 14:20:29.577
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 19:08:09.864
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 18:54:27.128
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-03 18:25:25.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3979.23 MB
Available physical RAM: 2078.16 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5576.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:281.29 GB) (Free:199.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GA EINS) (Removable) (Total:29.5 GB) (Free:15.23 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.63 GB) (Free:2.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80047904)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Statt langer Sprüche: DANKESCHÖN !

Grüsse chic (o


Alt 09.10.2014, 10:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz

Alt 10.10.2014, 13:47   #7
chic
 
Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Komisch, dachte, das hätte ich Dir gesternm schon geschickt.
Servus Schrauber:

eset.txt
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=22d3e600f441c245bbc6c9bb566f819b
# engine=20514
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-09 01:31:51
# local_time=2014-10-09 03:31:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1805 16777213 100 100 54002 33952164 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 33961622 164491361 0 0
# scanned=184110
# found=12
# cleaned=0
# scan_time=11105
sh=D3A8BFF5D05F4911365D78E2DEF448FE9FD5599D ft=1 fh=b891977c560c1b9e vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switch.exe.vir"
sh=1E588BCBFC7C2F2115692014ACBA196E232ACE5F ft=1 fh=45a244a40fc9550e vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switchsetup_v4.60.exe.vir"
sh=61897FE467FE567D4E93C0E87AF1899DB5416CA2 ft=1 fh=2b4e98822df8a714 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=9C1F74613924FCC1259DC3E2BE0BDB31EA2590D9 ft=1 fh=83932a9109e1e39c vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AudioConverter\AudioConverter.exe"
sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=16A03B7D45BCB09786444DFC41AD58DE8136DB8D ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\3dcac2e.msi"
sh=FECAF7BBAEEF3ED39DD29D8910E57E6FF253928C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z"
sh=CFC7DA2932ABA2A91E4D5CFD3F187E81A1289571 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z"
sh=23E643C6B8C6A664F05BF9B8843CE8E7F1B342F1 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z"
sh=FECAF7BBAEEF3ED39DD29D8910E57E6FF253928C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z"
sh=CFC7DA2932ABA2A91E4D5CFD3F187E81A1289571 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z"
sh=23E643C6B8C6A664F05BF9B8843CE8E7F1B342F1 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z"
         
checkup.txt
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Wise Registry Cleaner 8.23  
 Java 7 Update 10  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRISCH: FRST.txt

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by admin (administrator) on ZI_PORTABLE on 09-10-2014 16:09:16
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(BUFFALO INC.) C:\Windows\System32\TC2Tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Health Info Net AG) C:\Program Files (x86)\HIN Client\hinclient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
() F:\Programme\Thunderbird-Portable\20131228_unpack\Thunderbird-Portable.exe
(Mozilla Corporation) F:\Programme\Thunderbird-Portable\20131228_unpack\Thunderbird31x\thunderbird.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [tpcexTray] => C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [77368 2013-09-25] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HIN Client] => C:\Program Files (x86)\HIN Client\hinclient.exe [243432 2013-11-28] (Health Info Net AG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [432472 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [Wallpaper] D:\background\ronja3.jpg
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [WallpaperStyle] 0
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-1644491937-484763869-1060284298-1114-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {421f9ac6-67f9-11e0-bea3-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1644491937-484763869-1060284298-1613-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {421f9ac6-67f9-11e0-bea3-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2727355821-1189829001-2483972847-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241472 2012-03-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202560 2012-03-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk
ShortcutTarget: FRITZ!Fernzugang.lnk -> C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\nadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {1894063F-D990-48F1-9E09-1B7337AF5955} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {E524A5A6-F0DD-48EA-8BB0-5DC00ECA5388} => C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {CE403DA5-2AB4-462D-B794-220F15EDD0F4} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.19

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default
FF SearchEngineOrder.1: Ask Search
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-fra-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-ita-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-por-deu.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\searchplugins\leo-spa-deu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HP Smart Print - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\hpwebprint@hpwebprint.com [2013-11-27]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqj5821y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-16]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-07] (Lenovo.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed]
S4 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134712 2013-09-25] (BUFFALO INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-07-03] (EldoS Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-04-16] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] ()
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [196608 2008-06-24] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [191744 2008-06-24] (Sierra Wireless Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2008-04-29] (Swisscom)
S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [378664 2008-04-29] (Swisscom)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 16:09 - 2014-10-09 16:09 - 00029113 _____ () C:\Users\admin\Desktop\FRST.txt
2014-10-09 16:08 - 2014-10-06 21:16 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-10-09 15:57 - 2014-10-09 15:57 - 00854417 _____ () C:\Users\admin\Desktop\SecurityCheck.exe
2014-10-09 12:20 - 2014-10-09 12:20 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_deu.exe
2014-10-08 14:21 - 2014-10-08 14:21 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 14:03 - 2014-10-08 14:03 - 00000629 _____ () C:\Users\admin\Desktop\TRANSFERS.lnk
2014-10-08 13:56 - 2014-10-08 14:20 - 00000000 ____D () C:\AdwCleaner
2014-10-08 13:51 - 2014-10-08 13:51 - 00002846 _____ () C:\mbam.txt
2014-10-08 13:16 - 2014-10-09 14:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-08 13:16 - 2014-10-08 13:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-08 13:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-08 13:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-08 13:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 12:18 - 2014-10-07 12:18 - 01957888 _____ () C:\Windows\Minidump\100714-15303-01.dmp
2014-10-07 10:27 - 2014-10-07 10:27 - 00000101 ____H () C:\.~lock.ComboFix.txt#
2014-10-07 10:14 - 2014-10-07 10:14 - 00032617 _____ () C:\ComboFix.txt
2014-10-07 09:57 - 2014-10-07 10:14 - 00000000 ____D () C:\Qoobox
2014-10-07 09:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-07 09:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-07 09:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-07 09:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-07 09:56 - 2014-10-07 10:13 - 00000000 ____D () C:\Windows\erdnt
2014-10-07 09:55 - 2014-10-07 09:55 - 05582481 _____ (Swearware) C:\Users\admin\Downloads\ComboFix(1).exe
2014-10-07 09:42 - 2014-10-07 09:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-07 08:47 - 2014-10-07 08:47 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-06 23:48 - 2014-10-06 23:48 - 00462288 _____ () C:\Windows\Minidump\100614-14710-01.dmp
2014-10-06 21:18 - 2014-10-09 16:09 - 00000000 ____D () C:\FRST
2014-10-06 21:14 - 2014-10-06 21:14 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-10-04 09:46 - 2014-10-04 09:46 - 00000000 _____ () C:\Windows\Minidump\100414-15568-01.dmp
2014-10-01 17:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 19:35 - 2014-09-26 19:35 - 00001697 _____ () C:\Users\Public\Desktop\ShakeHands Kontor 2014.lnk
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\Users\admin\AppData\Local\ProSaldo
2014-09-26 19:35 - 2014-09-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShakeHands
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Users\admin\Documents\ProSaldo
2014-09-26 19:34 - 2014-09-26 19:34 - 00000000 ____D () C:\Programme
2014-09-25 17:43 - 2014-09-25 17:43 - 43868392 _____ (Health Info Net AG) C:\Users\admin\Downloads\hin_client_windows.exe
2014-09-25 11:33 - 2014-09-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 01:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 01:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 19:21 - 2014-09-23 19:21 - 00000082 _____ () C:\Windows\odbc_merge.INI
2014-09-23 19:17 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\admin\Documents\Taxpool-Buchhalter
2014-09-23 19:07 - 2014-09-23 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{56643D1F-761C-478F-A31F-24E83B3880B1}
2014-09-23 19:01 - 2014-09-23 19:01 - 63249048 _____ () C:\Users\admin\Downloads\taxpool_buchhalter_mini_installation.exe
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 10:55 - 2014-09-21 10:55 - 00000000 _____ () C:\Windows\Minidump\092114-15210-01.dmp
2014-09-17 15:07 - 2014-09-17 15:07 - 00000000 ____D () C:\Users\admin\.jfreereport
2014-09-16 18:55 - 2014-10-08 15:44 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-16 12:54 - 2014-09-23 19:04 - 00001972 _____ () C:\Users\admin\Documents\SyncSettings_F_DESKTOP_FUER_ARCHIV.ffs_gui
2014-09-16 12:38 - 2014-09-16 12:38 - 00000000 _____ () C:\Windows\Minidump\091614-15022-01.dmp
2014-09-14 04:39 - 2014-09-23 19:04 - 00001942 _____ () C:\Users\admin\Documents\SyncSettings_F_NAS2.ffs_gui
2014-09-13 18:10 - 2014-09-13 18:10 - 00000000 ____D () C:\Users\admin\Documents\2XPDFStore
2014-09-12 10:38 - 2014-09-12 10:41 - 224940032 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86.msi
2014-09-12 10:38 - 2014-09-12 10:38 - 07393280 _____ () C:\Users\admin\Downloads\LibreOffice_4.3.1_Win_x86_helppack_de.msi
2014-09-11 09:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 09:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:44 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:44 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:44 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:44 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:44 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 09:44 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:44 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:44 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:44 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:44 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:44 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 09:44 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:44 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:44 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 09:42 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 09:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 09:17 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:17 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 09:13 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:13 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:12 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 09:12 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 09:12 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 17:35 - 2014-09-10 17:35 - 00000962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-10 16:15 - 2014-09-10 16:15 - 06057862 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-09 22:04 - 2014-09-09 22:04 - 00000112 _____ () C:\Windows\system32\snetcfg.log
2014-09-09 22:00 - 2014-09-09 22:00 - 03784904 _____ (WiseCleaner.com ) C:\Users\admin\Downloads\WPCASetup.exe
2014-09-09 21:17 - 2014-09-13 18:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2XClient
2014-09-09 21:17 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X
2014-09-09 21:08 - 2014-09-09 21:08 - 00003062 _____ () C:\Windows\System32\Tasks\{9C1E5AC2-E0C0-4B42-8618-219886BB0EA1}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{DB6587ED-4C05-4A0C-BE9B-8DEF9BE88B98}
2014-09-09 21:04 - 2014-09-09 21:04 - 00003062 _____ () C:\Windows\System32\Tasks\{4A81435E-D2E9-4F92-B4A5-C3C08F938B8B}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 16:06 - 2011-04-16 09:42 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-09 16:05 - 2011-04-16 09:42 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-09 16:01 - 2013-09-11 08:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-09 15:56 - 2014-05-12 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 15:42 - 2014-04-20 10:37 - 00000000 ____D () C:\Users\admin\Desktop\verwaltung
2014-10-09 15:41 - 2011-04-16 09:19 - 01753198 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 15:41 - 2009-07-14 06:51 - 00174474 _____ () C:\Windows\setupact.log
2014-10-09 15:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-08 20:28 - 2014-02-10 19:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\FileZilla
2014-10-08 15:51 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 15:51 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 15:42 - 2011-04-16 09:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-08 15:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 15:37 - 2011-04-16 09:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-10-08 15:37 - 2011-04-16 09:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-10-08 15:37 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 14:16 - 2011-04-16 09:36 - 00192580 _____ () C:\Windows\PFRO.log
2014-10-08 14:15 - 2013-08-19 13:51 - 00000000 ____D () C:\Users\admin
2014-10-08 14:05 - 2013-08-19 13:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Lenovo
2014-10-08 13:38 - 2009-07-24 19:29 - 00000000 ____D () C:\Windows\Panther
2014-10-07 12:34 - 2013-09-11 16:27 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-07 12:34 - 2013-09-11 16:25 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-07 12:34 - 2013-09-11 16:25 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-07 12:18 - 2014-09-05 18:51 - 535049227 _____ () C:\Windows\MEMORY.DMP
2014-10-07 12:18 - 2013-12-22 21:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-07 10:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 10:08 - 2009-07-14 04:34 - 69992448 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 24379392 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-07 10:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-07 08:47 - 2014-07-15 18:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\LSC
2014-10-07 08:47 - 2012-07-17 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-07 08:47 - 2011-04-16 09:23 - 00000000 ____D () C:\Program Files\Lenovo
2014-10-07 08:46 - 2011-04-16 09:42 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-10-06 22:54 - 2014-06-12 11:34 - 00000085 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2014-10-06 10:06 - 2013-11-27 17:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HpUpdate
2014-10-04 13:38 - 2014-05-07 23:35 - 00001863 _____ () C:\Users\admin\Desktop\20140512_RA_007_SVA_Bern_11341.lnk
2014-10-04 10:52 - 2014-02-19 07:56 - 00000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2014-09-29 18:16 - 2013-09-29 17:26 - 00002282 ____H () C:\Users\admin\Documents\Default.rdp
2014-09-29 17:25 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-29 11:46 - 2014-05-05 14:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 19:02 - 2013-08-19 14:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client.lnk
2014-09-25 17:58 - 2013-10-27 11:41 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HIN Client Deinstallationsprogramm.lnk
2014-09-25 17:58 - 2013-10-27 11:40 - 00000000 ____D () C:\Program Files (x86)\HIN Client
2014-09-25 16:42 - 2013-08-19 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:26 - 2014-02-16 15:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-24 18:26 - 2014-02-16 15:37 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-24 15:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 19:04 - 2014-08-20 16:42 - 00001945 _____ () C:\Users\admin\Documents\SyncSettings_F_ZENTRALE.ffs_gui
2014-09-23 19:03 - 2014-06-20 10:34 - 00000943 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-23 19:03 - 2014-06-20 10:34 - 00000933 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-23 19:03 - 2014-04-17 18:11 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-23 18:59 - 2014-04-01 18:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-23 18:59 - 2013-09-11 08:12 - 00000000 ____D () C:\ProgramData\Skype
2014-09-21 15:15 - 2014-08-28 18:03 - 00000000 ____D () C:\Users\admin\Desktop\für POSTBOX
2014-09-21 14:43 - 2013-08-23 20:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 22:07 - 2013-10-18 14:59 - 00000000 ____D () C:\ProgramData\32nd America's Cup
2014-09-16 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-16 12:53 - 2013-11-25 16:35 - 00000000 ____D () C:\Users\admin\Desktop\für ARCHIVDATA
2014-09-15 08:27 - 2013-08-19 18:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 08:21 - 2012-07-17 14:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 12:45 - 2014-05-05 14:34 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-09-11 09:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 09:43 - 2013-12-22 11:40 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:57 - 2014-05-12 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 13:56 - 2013-08-23 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:56 - 2013-08-23 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2014-09-09 22:18 - 2014-09-05 13:23 - 00000000 ____D () C:\Program Files\FRITZ!Fernzugang
2014-09-09 22:02 - 2014-06-13 10:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WiseUpdate

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:51

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Ergebnis VIEL besser: explorer.exe "wächst" jetzt auf 57.000 kB, scheint aber (toi toi toi) die Grösse stabil zu halten - hatte seit gestern nachmittag keinen Neustart des explorers mehr nötig.

Magst Du mir noch einmal zusammenfassen, was "versifft" war? Und was Du mir zum besseren Schutz anrätst? Das wäre super.



Grüsse chic (o

Alt 11.10.2014, 11:26   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Java und Adobe updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 0
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Da war jede Menge Adware


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.10.2014, 10:15   #9
chic
 
Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Moinmoin Schrauber.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by admin at 2014-10-12 10:13:19 Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available profiles: UpdatusUser & admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5016
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1,192.168.1.19,hxxp://swissmedap.ch/,hxxp://postfinance.ch, hxxp://www.swiss.ch, hxxp://www.sbb.ch, hxxp://switchplus.ch, https://www.typmed.eu, hxxp://ga1.dyndns-remote.com/,hxxp://www.dyndns.org/,hxxp://www.swisscom.ch, https://www.yahoo.com/,http:dict.leo.org:80/*.*"
FF NetworkProxy: "type", 0
         
*****************

Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.

==== End of Fixlog ====
         
Danke nochmal. Toll. Thread bitte abhaken.

Beste Grüsse chic (o

Alt 13.10.2014, 09:15   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Standard

Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz
converter, desktop, explorer frisst speicher, feedback, fehlercode 0x3, fehlercode 0x40000015, fehlercode 0x81000006, fehlercode 0xc0000005, flash player, hotspot, mobogenie, mobogenie entfernen, msiexec.exe, officejet, pup.optional.opencandy, pup.optional.outbrowse, pup.optional.searchprotect.a, pup.optional.systemspeedup, pup.optional.updater.a, pwmtr64v.dll, sierra, speicherplatz, svchost.exe, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.f, win32/bundled.toolbar.google.c, win32/installcore.a, win64/systweak.a, windows



Ähnliche Themen: Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz


  1. IE-Explorer funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 04.11.2015 (20)
  2. Speichern nicht mehr möglich, Speicherplatz angeblich voll, Internal Error
    Plagegeister aller Art und deren Bekämpfung - 16.11.2014 (11)
  3. Win 7 : Kein Speicherplatz mehr auf C und nach Loeschen von Dateien wird C schnell gefuellt - aber wovon?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2014 (38)
  4. Explorer.exe funktioniert nicht mehr
    Alles rund um Windows - 31.01.2014 (4)
  5. WIN7 Absturz, CHKDSK erzeugt kurzfristig mehr Speicherplatz auf SSD
    Alles rund um Windows - 22.10.2013 (2)
  6. explorer.exe frisst sich mehr und mehr Speicher an
    Log-Analyse und Auswertung - 29.03.2013 (22)
  7. Keine Anmeldung bei Windows mehr möglich. Passwort feld fehlt. Kein Internet mehr. Kein Admin mehr.
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (5)
  8. IBM-Sicherheitsreport: Mehr komplexe, mehr mobile und mehr zielgerichtete Angriffe
    Nachrichten - 01.10.2011 (0)
  9. Windows-Explorer funktioniert nicht mehr - explorer.exe
    Alles rund um Windows - 21.12.2009 (0)
  10. Programme starten nicht mehr / Explorer nicht mehr durch Firewall blockiert
    Log-Analyse und Auswertung - 08.10.2009 (11)
  11. Hacking at Random: Mehr Bandbreite, mehr Weitsicht, mehr Zukunft
    Nachrichten - 18.08.2009 (0)
  12. Win explorer funktioniert nicht mehr
    Mülltonne - 09.11.2008 (0)
  13. internet explorer funzt net mehr.....
    Log-Analyse und Auswertung - 10.06.2008 (1)
  14. Explorer will nicht mehr
    Log-Analyse und Auswertung - 26.10.2007 (9)
  15. kein explorer mehr!?
    Log-Analyse und Auswertung - 07.12.2006 (5)
  16. explorer.exe startet nicht mehr
    Log-Analyse und Auswertung - 13.07.2006 (2)
  17. explorer will net mehr
    Log-Analyse und Auswertung - 25.08.2004 (3)

Zum Thema Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz - Guten Tag. Auf meinem Laptop (Lenovo t420i) verwendet explorer.exe nach dem start ~ 25.000 K, was dann beim standardmässigen Arbeiten (installierte Programme ANTIVIR, FIREFOX, THUNDERBIRD, LIBRE OFFICE, ACROBAT) langsam auf - Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz...
Archiv
Du betrachtest: Win 7 Pro - explorer.exe belegt mehr und mehr Speicherplatz auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.